On Feb 17, 2006, at 02:07, Elliot Foster wrote:
John Peacock wrote:
Elliot Foster wrote:
You could also use port 587 (submission) non-ssl if you're just
trying to get around port 25 being blocked. That way you
wouldn't have to re-route the connections to localhost. You
would also be able to retain the connecting IP.
But then I'd have to run a second instance of qpsmtpd in that case
(since I don't see any support for running on two ports in the
existing code).
Or do some port forwarding trickery, but that becomes clumsy, and
not intuitively maintainable. Does the trunk (or forkserver) have
code that allows it to listen on multiple ports/interfaces/ips?
I think I will look into running a second instance. Actually I only
need a second instance of the config/ directory, the rest is the
same. I will only allow AUTH'd connections over TLS, and I will not
run any of the standard plugins (it's only me sending; other admins
may want to run virus and/or spam checking) but plugins for HashCash
addition and DomainKeys signing (once I get that to work) instead.
I used stunnel for a while, but I didn't like not being able to
tell from where someone was connecting.
I'm assuming the "some stupid admins" part was a joke? Or are
they blocking on SPF soft failures?
No joke. I don't think that SPF is ready to be used to block mail
(hard *or* soft failure). The one site is running some M$loth
anti-spam feature for Exchange and I get no reason back why they
are blocking. I have our SPF records set to hard fail and so far
I have exactly 1 domain that blocked the mail (which shows exactly
how useless SPF is)...
If anyone ever forges an email to me that says it's from you, I'll
be domain #2. :) I don't block soft failures, but I'm using it to
block phishing scams trying to deliver messages to my users,
pretending to be [EMAIL PROTECTED] (or somesuch) I tend
to get a lot of those.
I have stopped a sizeable amount of paypal phishing attempts using
SPF, so I think it is starting to work (I also added paypa1.com,
paypaI.com and paypall.com to badmailfrom). I can't give you the
exact number of messages stopped (because it's a softfail so they
retry over and over again) but it's more than 10 and less than 100.
-Johan
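
The look-alike domains added to badmailfrom above (paypa1.com, paypaI.com, paypall.com) can be found mechanically before they are listed by hand. The following is an added example, not part of the original message and not qpsmtpd code; the character mapping, the function names and the sample addresses are assumptions made for illustration.

```python
"""Flag MAIL FROM domains that imitate a protected domain (added example)."""

# Domains to protect; paypal.com is the one named in the thread.
PROTECTED = {"paypal.com"}

# Digits commonly substituted for letters (assumed mapping, not exhaustive).
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Fold a domain to a comparison form: capital I reads as l, digits as letters."""
    return domain.replace("I", "l").lower().translate(CONFUSABLE)


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def classify(sender: str) -> str:
    """Return 'protected', 'lookalike' or 'ok' for an envelope sender address."""
    domain = sender.rsplit("@", 1)[-1].strip("<>")
    if domain.lower() in PROTECTED:
        return "protected"  # the genuine domain: left to the SPF check
    folded = skeleton(domain)
    for good in PROTECTED:
        if folded == good or within_one_edit(folded, good):
            return "lookalike"  # candidate for badmailfrom
    return "ok"


if __name__ == "__main__":
    # Constructed sample senders, using the domains quoted in the thread.
    for addr in ("service@paypa1.com", "service@paypaI.com",
                 "<service@paypall.com>", "service@paypal.com",
                 "someone@example.org"):
        print(f"{addr:28} {classify(addr)}")
```

One-edit matching can also hit unrelated legitimate domains, so the output is a review list for badmailfrom rather than an automatic block list.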