The future of SMTP ?

2011-03-13 Thread Frank Bonnet
Hello

Sorry if this seems a bit off topic ...

Postfix is really a great piece of software
and we all thank Wietse for his tremendous work.

But to fight spam and all other malicious
problems it's getting more and more sophisticated
and complex to configure every day.
It is not a criticism, it is a fact that jumps
into every sysadmin's face.

Email communication requires more and more complicated
machinery every day too.

Does anyone know anything about the future of SMTP?
Is there some project to replace it with some
more secure protocol?

Understand me well, writing this I do not want
to start some war; I would like to know if there
is some long-term reflection somewhere to build
some other protocol.

I know this would be a huge project ...

Thanks for your attention


Re: The future of SMTP ?

2011-03-13 Thread Daniel Bromberg

On 3/13/2011 4:57 AM, Frank Bonnet wrote:

Hello

Sorry if this seems a bit off topic ...

Postfix is really a great piece of software
and we all thank Wietse for his tremendous work.

But to fight spam and all other malicious
problems it's getting more and more sophisticated
and complex to configure every day.
It is not a criticism, it is a fact that jumps
into every sysadmin's face.

Email communication requires more and more complicated
machinery every day too.

Does anyone know anything about the future of SMTP?
Is there some project to replace it with some
more secure protocol?

Understand me well, writing this I do not want
to start some war; I would like to know if there
is some long-term reflection somewhere to build
some other protocol.

I know this would be a huge project ...

Thanks for your attention

It is very off-topic :-)

Admittedly the result of a quick Google search, the article below is a 
fairly cogent summary of some major issues, especially why a 
'replacement for SMTP' is probably the wrong question, or at least a 
hopeless oversimplification.  It's kind of like asking why don't we make 
AA batteries one cm longer to store more energy. Not a technology issue 
per se, but an installed base of 100,000,000,... (insert zeroes as needed)


http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-2/102_smtp.html

How about one more thoughtful post at most and then a threadkill.

-DB



Re: Mailbox limit not observed

2011-03-13 Thread Vincent Lefevre
On 2011-03-12 10:58:41 -0600, Stan Hoeppner wrote:
 No, it's not a bug.  As you know maildir storage format stores one email
 _per file_.  virtual_mailbox_limit is a _per file_ size restriction.
 With maildir storage it will prevent individual emails (individual
 files) greater than (default: 5120) in size being written into the
 maildir directory, but it will not limit the size of the parent
 directory, which is what I think you're referring to as a user mailbox.

OK, thanks for the details. It seems that I misinterpreted what
Noel said ("The postfix limit is for mailBOX, not mailDIR.").

So, this limit is also taken into account for maildir, with the
following concern: if one wants to increase message_size_limit,
one still needs to increase virtual_mailbox_limit, even if one
uses maildir only.

-- 
Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/
100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)


Re: The future of SMTP ?

2011-03-13 Thread mouss
On 13/03/2011 09:57, Frank Bonnet wrote:
 Hello
 
 Sorry if this seems a bit off topic ...
 
 Postfix is really a great piece of software
 and we all thank Wietse for his tremendous work.
 
 But to fight spam and all other malicious
 problems it's getting more and more sophisticated
 and complex to configure every day.

 It is not a criticism, it is a fact that jumps
 into every sysadmin's face.
 
 Email communication requires more and more complicated
 machinery every day too.
 
 Does anyone know anything about the future of SMTP?
 Is there some project to replace it with some
 more secure protocol?
 
 Understand me well, writing this I do not want
 to start some war; I would like to know if there
 is some long-term reflection somewhere to build
 some other protocol.
 
 I know this would be a huge project ...
 


Consider this:

- we get a lot of spam from systems that are owned (zombies, infected
servers, ..). to prevent this, we need to secure all systems. is this
feasible? not by reinventing smtp.

- other spam comes from machines at hosters which also host legitimate
customers. can we stop this? not by reinventing smtp.

- spammers buy a lot of domains and use them in spam URLs. can we stop
this? not by reinventing smtp.

... etc.


I am not saying we should do nothing. I'm simply saying it's much more
than an smtp design issue.




Re: The future of SMTP ?

2011-03-13 Thread Steve

 -------- Original Message --------
 Date: Sun, 13 Mar 2011 09:57:20 +0100
 From: Frank Bonnet f.bon...@esiee.fr
 To: postfix-users@postfix.org
 Subject: The future of SMTP ?

 Hello
 
 Sorry if this seems a bit off topic ...
 
 Postfix is really a great piece of software
 and we all thank Wietse for his tremendous work.
 
 But to fight spam and all other malicious
 problems it's getting more and more sophisticated
 and complex to configure every day.
 It is not a criticism, it is a fact that jumps
 into every sysadmin's face.
 
 Email communication requires more and more complicated
 machinery every day too.
 
 Does anyone know anything about the future of SMTP?
 Is there some project to replace it with some
 more secure protocol?
 
 Understand me well, writing this I do not want
 to start some war; I would like to know if there
 is some long-term reflection somewhere to build
 some other protocol.
 
 I know this would be a huge project ...
 
 Thanks for your attention


The spamming problem is not something that you can fix by replacing SMTP with 
something new. If you configured your SMTPD to only accept strictly standard 
SMTP, you would see that this alone removes much of the spam you get (just 
take for example the HELO/EHLO part: if you strictly enforced what is 
described in the RFC, then a lot of spammers (and legitimate senders) would be 
blocked. Not that I find this okay, but just to illustrate that the SMTP 
protocol is not the problem). And today it is not a big deal to cut down spam 
to less than 1% of the inbound. I really don't understand why people keep 
saying that spam is a problem. It is only a problem if you have not properly 
configured your SMTPD. Today it is so easy to cut down spam, and most 
solutions don't require huge machinery at all.


Re: The future of SMTP ?

2011-03-13 Thread Reindl Harald


On 13.03.2011 12:38, Steve wrote:
 And today it is not a big deal to cut down spam to less than 1% of the inbound. 

but not only with postfix and without taking money in the hand
do not tell us only with strict smtp you get 99% spam away

 I really don't understand why people keep telling that spam is a problem? 

because there are people out there whose time costs money?





Re: The future of SMTP ?

2011-03-13 Thread Steve

 -------- Original Message --------
 Date: Sun, 13 Mar 2011 12:42:55 +0100
 From: Reindl Harald h.rei...@thelounge.net
 To: postfix-users@postfix.org
 Subject: Re: The future of SMTP ?

 
 
 On 13.03.2011 12:38, Steve wrote:
  And today it is not a big deal to cut down spam to less than 1% of the
 inbound. 
 
 but not only with postfix

No. Not only with postfix alone. But most of us are not only using postfix in 
their messaging infrastructure.


 and without taking money in the hand

Money for what? Nothing is free. The hardware on which postfix runs costs 
money, the connectivity costs money, work time costs money, etc... But you can 
get a decent low inbound spam rate without paying one single cent for the 
anti-spam/anti-virus solution and without spending much time in implementing it.


 do not tell us only with strict smtp you get 99% spam away
 
I don't know that. I just wrote that if you enforced strict SMTP then you 
would already lower the inbound spam. I have never tried to use 100% strict 
SMTP. I can't do that. I am an ISP/ESP and following the SMTP standard strictly 
is not an option for me. I could do that, but then I would lose many of my 
customers.


  I really don't understand why people keep telling that spam is a
 problem? 
 
 because there are people out there whose time costs money?
 
My time costs money too. As I wrote above: Nothing is free.


Re: Mailbox limit not observed

2011-03-13 Thread Stan Hoeppner
Vincent Lefevre put forth on 3/13/2011 4:24 AM:
 On 2011-03-12 10:58:41 -0600, Stan Hoeppner wrote:
 No, it's not a bug.  As you know maildir storage format stores one email
 _per file_.  virtual_mailbox_limit is a _per file_ size restriction.
 With maildir storage it will prevent individual emails (individual
 files) greater than (default: 5120) in size being written into the
 maildir directory, but it will not limit the size of the parent
 directory, which is what I think you're referring to as a user mailbox.
 
 OK, thanks for the details. It seems that I misinterpreted what
 Noel said (The postfix limit is for mailBOX, not mailDIR.).
 
 So, this limit is also taken into account for maildir, with the
 following concern: if one wants to increase message_size_limit,
 one still needs to increase virtual_mailbox_limit, even if one
 uses maildir only.

If you use virtual_mailbox_limit with strictly maildir mailboxes, you
may as well set message_size_limit=0 and leave it alone, so you only
have one setting to keep track of.

BTW, I can't see the logic in ever increasing the default, which is
~50MB.  Do your users ever receive single 50MB emails?  Do you want them
receiving 50MB emails?  If anything you should probably lower this
value, not increase it, unless this is a special purpose server that
regularly receives large CAD drawings or Photoshop images or the like.

-- 
Stan




Re: The future of SMTP ?

2011-03-13 Thread Lorens Kockum
On Sun, Mar 13, 2011 at 12:38:24PM +0100, Steve wrote:
 The spamming problem is not something that you can fix by
 replacing SMTP with something new.

An appropriate illustration is the initiative taken recently by
Germany's government to create a secure e-mail environment. It
does not replace SMTP. It mandates encryption, digital
signatures with government-issued certificates, isolation from
the current SMTP network, certified providers, and (optional?)
per-message fees.

http://www.itworld.com/software/139104/germany-identifies-secure-way-deal-spam



Re: The future of SMTP ?

2011-03-13 Thread Steve

 -------- Original Message --------
 Date: Sun, 13 Mar 2011 15:58:50 +0100
 From: Lorens Kockum postfix-users-4...@tagged.lorens.org
 To: postfix-users@postfix.org
 Subject: Re: The future of SMTP ?

 On Sun, Mar 13, 2011 at 12:38:24PM +0100, Steve wrote:
  The spamming problem is not something that you can fix by
  replacing SMTP with something new.
 
 An appropriate illustration is the initiative taken recently by
 Germany's government to create a secure e-mail environment. It
 does not replace SMTP. It mandates encryption, digital
 signatures with government-issued certificates, isolation from
 the current SMTP network, certified providers, and (optional?)
 per-message fees.
 
 http://www.itworld.com/software/139104/germany-identifies-secure-way-deal-spam
 
De-Mail will probably cut down spam, but that is only a side effect. The main 
purpose of De-Mail is not spam; the reasons for De-Mail are others. 
Anyway... I am not German, but I personally do not trust De-Mail. Why should 
I trust a system in which the ISP is able to decrypt my message? For me 
encryption needs to be end to end.


Re: The future of SMTP ?

2011-03-13 Thread lst_hoe02

Quoting Frank Bonnet f.bon...@esiee.fr:


Hello

Sorry if this seems a bit off topic ...

Postfix is really a great piece of software
and we all thank Wietse for his tremendous work.

But to fight spam and all other malicious
problems it's getting more and more sophisticated
and complex to configure every day.
It is not a criticism, it is a fact that jumps
into every sysadmin's face.

Email communication requires more and more complicated
machinery every day too.

Does anyone know anything about the future of SMTP?
Is there some project to replace it with some
more secure protocol?

Understand me well, writing this I do not want
to start some war; I would like to know if there
is some long-term reflection somewhere to build
some other protocol.

I know this would be a huge project ...



This is not a problem of SMTP but of the idea of designing a system  
where everyone is able to send a message to any other participant if  
the address is known. So you don't have to reinvent SMTP, but to  
ditch the idea of free electronic communication.
One may even argue that it is already partly the case because of  
ongoing blocking of IP space for country/DUL/ISP reasons, but  
that is not a technology (SMTP) thing but policy of the receiver.


Regards

Andreas






Re: The future of SMTP ?

2011-03-13 Thread Erwan David
On Sun 13/03/2011, Steve said:
 
  
  
   On 13.03.2011 12:38, Steve wrote:
    And today it is not a big deal to cut down spam to less than 1% of the
   inbound. 
  
  but not only with postfix
 
 No. Not only with postfix alone. But most of us are not only using postfix in 
 their messaging infrastructure.

And without too much collateral damage? I can stop all spam. But how much 
legitimate email will I block at the same time?

Yes, I can stop all spam, by cutting off all email. 100% efficiency, but also 
100% collateral damage...

-- 
Erwan


Re: ? about

2011-03-13 Thread Ralf Hildebrandt
* Larry Vaden va...@texoma.net:
 Hello postfix-users,
 
 For a selected time period today, the postfix/postscreen DNSBL rank
 log entries are summarized as:

By which tool?
 
      1744 DNSBL rank 2
     12458 DNSBL rank 3
      5113 DNSBL rank 4
      1099 DNSBL rank 5
         1 DNSBL rank 7
 
 Q1: Given the postscreen invocation in main.cf below the sig, what is
 the meaning of DNSBL rank 7?

Please find the corresponding log line, so we can check this.

 Further, blocked using is summarized as follows:
 
 54.6% blocked using b.barracudacentral.org;
 12.1% blocked using bl.spamcop.net;
  3.8% blocked using spamtrap.trblspam.com;
 29.5% blocked using zen.spamhaus.org;
 
 Q2: Is a blocked using entry written for each DNSBL for which there
 is a hit?  If not, how is it determined which DNSBL will get credit?

That depends on the tool summarizing the log.

 postscreen_dnsbl_threshold = 2
 postscreen_dnsbl_sites = zen.spamhaus.org*2
 bl.spamcop.net*1 b.barracudacentral.org*1 spamtrap.trblspam.com*1

That should add up to a maximum of 5 unless a client IP can be listed
multiple times in one dnsbl (?)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



..::Smtp Attacks::..

2011-03-13 Thread Alfonso Alejandro Reyes Jimenez
Hi everyone.

I'm sending this email because I'm looking for a reference regarding SMTP 
attacks; this is because I'm working on creating some SMTP signatures for the 
Snort solution.

It's not directly for Snort; I'm willing to contribute to the Bleeding Snort 
project.

I can't find any information regarding SMTP attacks, only the relay test and 
that kind of stuff.

The question is:

Is there any book related to SMTP attacks, exploits or any other type of 
attack related to the SMTP protocol?

I will highly appreciate any recommendation; these signatures will help all 
of us.

Thanks in advance.

Alfonso. 


Re: ? about

2011-03-13 Thread Larry Vaden
On Sun, Mar 13, 2011 at 11:01 AM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:
 * Larry Vaden va...@texoma.net:
 Hello postfix-users,

 For a selected time period today, the postfix/postscreen DNSBL rank
 log entries are summarized as:

 By which tool?

Hi Ralf,

Sorry about the subject line;  I hit the send key before I should
have, of course.

grep "postfix/postscreen.*DNSBL rank" /var/log/maillog | awk '{print
$6" "$7" "$8}' | sort | uniq -c

    1744 DNSBL rank 2
   12458 DNSBL rank 3
    5113 DNSBL rank 4
    1099 DNSBL rank 5
       1 DNSBL rank 7

 Q1: Given the postscreen invocation in main.cf below the sig, what is
 the meaning of DNSBL rank 7?

 Please find the corresponding log line, so we can check this.

This is the one on which this query was filed:

[root@mx4 ~]# zcat /var/log/maillog.1.gz | grep "DNSBL rank 7"
Mar 12 00:33:35 mx4 postfix/postscreen[2698]: DNSBL rank 7 for
[190.232.251.197]:19890

Here's a fresh one on today's business:

[root@mx4 ~]# grep -i "DNSBL rank 6" /var/log/maillog
Mar 13 10:53:51 mx4 postfix/postscreen[2698]: DNSBL rank 6 for
[151.56.102.63]:19289

 Further, blocked using is summarized as follows:

 54.6% blocked using b.barracudacentral.org;
 12.1% blocked using bl.spamcop.net;
  3.8% blocked using spamtrap.trblspam.com;
 29.5% blocked using zen.spamhaus.org;

 Q2: Is a blocked using entry written for each DNSBL for which there
 is a hit?  If not, how is it determined which DNSBL will get credit?

 That depends on the tool summarizing the log.

My question relates to the raw postfix log file; to be clearer,
s/written/written by postfix/g.  In other words, without a tool.

 postscreen_dnsbl_threshold = 2
 postscreen_dnsbl_sites = zen.spamhaus.org*2
         bl.spamcop.net*1 b.barracudacentral.org*1 spamtrap.trblspam.com*1

 That should add up to a maximum of 5 unless a client IP can be listed
 multiple times in one dnsbl (?)

Yes, so the 6s and 7s are interesting and the basis for this query.

I would like to thank the author of postscreen --- who was that?

In order to decrease the load on the DNSBLs, is it possible to ask for
consideration of adding as options some of the checks that can be done
before DNSBL checks?  The one that comes to mind immediately is for a
missing rDNS.

 --
 Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

kind regards/ldv

-- 
Larry Vaden, CoFounder
Internet Texoma, Inc.
Serving Rural Texomaland Since 1995
We Care About Your Connection!
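
The grep/awk/sort/uniq pipeline above, and the "blocked using" percentages from the first post, redone as a small log summariser. This is an added example, not Larry's tool or anything from Postfix; the log lines it reads are constructed in the format shown in this thread with documentation addresses (192.0.2.0/24), and `MAX_RANK` is the sum of the positive weights in the quoted `postscreen_dnsbl_sites` (2+1+1+1 = 5), which Ralf points out is the most one lookup should be able to add up to. Anything above that is reported separately, since it is exactly the oddity this thread is chasing.

```python
"""Summarise postscreen 'DNSBL rank' and 'blocked using' log lines.

Added illustration (not Postfix code, not the poster's pipeline).
SAMPLE_LOG is constructed; only the line format follows the thread.
"""
import re
from collections import Counter

# Sum of positive weights in the thread's postscreen_dnsbl_sites:
# zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1 spamtrap.trblspam.com*1
MAX_RANK = 5

RANK_RE = re.compile(r"postfix/postscreen\[\d+\]: DNSBL rank (\d+) for \[([^\]]+)\]:(\d+)")
BLOCKED_RE = re.compile(r"client \[([^\]]+)\] blocked using ([^;\s]+);")

# Constructed sample in the format quoted in the thread (192.0.2.x = documentation range).
SAMPLE_LOG = """\
Mar 13 10:53:51 mx4 postfix/postscreen[2698]: DNSBL rank 2 for [192.0.2.10]:40001
Mar 13 10:53:52 mx4 postfix/postscreen[2698]: NOQUEUE: reject: RCPT from [192.0.2.10]:40001: 550 5.7.1 Service unavailable; client [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.net>, to=<b@example.com>, proto=ESMTP, helo=<host.example>
Mar 13 10:54:01 mx4 postfix/postscreen[2698]: DNSBL rank 3 for [192.0.2.11]:40002
Mar 13 10:54:02 mx4 postfix/postscreen[2698]: NOQUEUE: reject: RCPT from [192.0.2.11]:40002: 550 5.7.1 Service unavailable; client [192.0.2.11] blocked using b.barracudacentral.org; from=<c@example.net>, to=<d@example.com>, proto=SMTP, helo=<mail.example>
Mar 13 10:54:10 mx4 postfix/postscreen[2698]: DNSBL rank 3 for [192.0.2.12]:40003
Mar 13 10:54:11 mx4 postfix/postscreen[2698]: NOQUEUE: reject: RCPT from [192.0.2.12]:40003: 550 5.7.1 Service unavailable; client [192.0.2.12] blocked using b.barracudacentral.org; from=<e@example.net>, to=<f@example.com>, proto=SMTP, helo=<mx.example>
Mar 13 10:54:20 mx4 postfix/postscreen[2698]: DNSBL rank 6 for [192.0.2.13]:40004
Mar 13 10:54:21 mx4 postfix/postscreen[2698]: NOQUEUE: reject: RCPT from [192.0.2.13]:40004: 550 5.7.1 Service unavailable; client [192.0.2.13] blocked using bl.spamcop.net; from=<g@example.net>, to=<h@example.com>, proto=SMTP, helo=<relay.example>
Mar 13 10:54:30 mx4 postfix/postscreen[2698]: PASS NEW [192.0.2.14]:40005
"""


def summarize_postscreen(lines, max_rank=MAX_RANK):
    """Return (rank counts, 'blocked using' share in percent, over-max anomalies).

    rank counts  : {rank: number of lines}, like 'sort | uniq -c'
    share        : {dnsbl: percent of reject lines crediting it}
    anomalies    : [(client, port, rank)] for ranks above max_rank
    """
    ranks, blocked, anomalies = Counter(), Counter(), []
    for line in lines:
        m = RANK_RE.search(line)
        if m:
            rank = int(m.group(1))
            ranks[rank] += 1
            if rank > max_rank:          # more than the configured weights can sum to
                anomalies.append((m.group(2), int(m.group(3)), rank))
            continue
        m = BLOCKED_RE.search(line)
        if m:
            blocked[m.group(2)] += 1
    total = sum(blocked.values())
    share = {site: round(100.0 * n / total, 1) for site, n in blocked.items()} if total else {}
    return dict(sorted(ranks.items())), share, anomalies


def summarize_sample():
    """Run the summariser over the constructed sample."""
    return summarize_postscreen(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    ranks, share, anomalies = summarize_sample()
    for rank, n in ranks.items():
        print(f"{n:8d} DNSBL rank {rank}")
    for site, pct in sorted(share.items(), key=lambda kv: -kv[1]):
        print(f"{pct:5.1f}% blocked using {site};")
    for client, port, rank in anomalies:
        print(f"rank {rank} exceeds {MAX_RANK} for [{client}]:{port}; check the surrounding log")
```

On a real box, replace `SAMPLE_LOG.splitlines()` with the lines of `/var/log/maillog`; the regexes only rely on the `postfix/postscreen[pid]:` prefix and the `client [addr] blocked using site;` fragment, both visible in the logs quoted here.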


Re: ? about

2011-03-13 Thread Wietse Venema
Larry Vaden:
 Hello postfix-users,
 
 For a selected time period today, the postfix/postscreen DNSBL rank
 log entries are summarized as:
 
      1744 DNSBL rank 2
     12458 DNSBL rank 3
      5113 DNSBL rank 4
      1099 DNSBL rank 5
         1 DNSBL rank 7
 
 Q1: Given the postscreen invocation in main.cf below the sig, what is
 the meaning of DNSBL rank 7?

Uncorrected multi-bit memory error?

 Further, blocked using is summarized as follows:
 
 54.6% blocked using b.barracudacentral.org;
 12.1% blocked using bl.spamcop.net;
  3.8% blocked using spamtrap.trblspam.com;
 29.5% blocked using zen.spamhaus.org;
 
 Q2: Is a blocked using entry written for each DNSBL for which there
 is a hit?  If not, how is it determined which DNSBL will get credit?

The first DNSBL that responds.

Wietse


Re: The future of SMTP ?

2011-03-13 Thread Glen B

On 3/13/2011 4:57 AM, Frank Bonnet wrote:

Hello

Sorry if this seems a bit off topic ...

Postfix is really a great piece of software
and we all thank Wietse for his tremendous work.



   Yes it is and it gets better every release.


But to fight spam and all other malicious
problems it's getting more and more sophisticated
and complex to configure every day.
It is not a criticism, it is a fact that jumps
into every sysadmin's face.


 Some of the major problems are the sysadmins themselves.
 There are too many incompetent and/or uneducated SMTP
 server administrators running software they do not
 understand. Many also do not understand the protocol
 so that just adds to the problem base. Take your pick
 from all of the packaged server software choices and I
 will bet that every one of them has an Internet Mail
 option that is far from spam-safe.

GlenB (pickcoder)


Re: ? about

2011-03-13 Thread Ralf Hildebrandt
* Larry Vaden va...@texoma.net:

  Q1: Given the postscreen invocation in main.cf below the sig, what is
  the meaning of DNSBL rank 7?
 
  Please find the corresponding log line, so we can check this.
 
 This is the one on which this query was filed:
 
 [root@mx4 ~]# zcat /var/log/maillog.1.gz | grep DNSBL rank 7
 Mar 12 00:33:35 mx4 postfix/postscreen[2698]: DNSBL rank 7 for
 [190.232.251.197]:19890

$ host 197.251.232.190.b.barracudacentral.org
197.251.232.190.b.barracudacentral.org has address 127.0.0.2

1+

$ host 197.251.232.190.bl.spamcop.net
197.251.232.190.bl.spamcop.net has address 127.0.0.2

1+

$ host 197.251.232.190.spamtrap.trblspam.com
Host 197.251.232.190.spamtrap.trblspam.com not found: 3(NXDOMAIN)

1+

$ host 197.251.232.190.zen.spamhaus.org
197.251.232.190.zen.spamhaus.org has address 127.0.0.11
197.251.232.190.zen.spamhaus.org has address 127.0.0.4

2*2 = 7?

 I would like to thank the author of postscreen --- who was that?

Wietse?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: The future of SMTP ?

2011-03-13 Thread Wietse Venema
lst_ho...@kwsoft.de:
 This is not a problem of SMTP but from the idea to design a system  
 where everyone is able to send a message to some other participant if  
 the address is known. So you don't have to reinvent SMTP but to  
 ditch the idea of free electronic communication.

+1.

Now, let's end this thread.

Wietse


Re: ? about

2011-03-13 Thread Wietse Venema
Ralf Hildebrandt:
 $ host 197.251.232.190.zen.spamhaus.org
 197.251.232.190.zen.spamhaus.org has address 127.0.0.11
 197.251.232.190.zen.spamhaus.org has address 127.0.0.4
 
 2*2 = 7?

Surely you have enough logs of your own that you can verify
that this does not happen.

Wietse


Re: The future of SMTP ?

2011-03-13 Thread Steve

 -------- Original Message --------
 Date: Sun, 13 Mar 2011 16:56:31 +0100
 From: Erwan David er...@rail.eu.org
 To: postfix-users@postfix.org
 Subject: Re: The future of SMTP ?

 On Sun 13/03/2011, Steve said:
  
   
   
   On 13.03.2011 12:38, Steve wrote:
    And today it is not a big deal to cut down spam to less than 1% of the
   inbound. 
   
   but not only with postfix
  
  No. Not only with postfix alone. But most of us are not only using
 postfix in their messaging infrastructure.
 
 And without too much collateral damages?

Yes.


 I can stop all spam. But how
 much legitimate email will I block at the same time?
 
Depends on your implementation.


 Yes I can stop all spam, by cutting off all email. 100% efficiency, but
 also 100% collateral damage...
 
If this is what you want... then just do it.


 -- 
 Erwan



Re: ? about

2011-03-13 Thread Ralf Hildebrandt
* Wietse Venema wie...@porcupine.org:
 Ralf Hildebrandt:
  $ host 197.251.232.190.zen.spamhaus.org
  197.251.232.190.zen.spamhaus.org has address 127.0.0.11
  197.251.232.190.zen.spamhaus.org has address 127.0.0.4
  
  2*2 = 7?
 
 Surely you have enough logs of your own that you can verify
 that this does not happen.

Well, I was just wondering :)
I'll go grep some logs.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: ? about

2011-03-13 Thread Larry Vaden
On Sun, Mar 13, 2011 at 12:38 PM, Ralf Hildebrandt
ralf.hildebra...@charite.de wrote:

 I would like to thank the author of postscreen --- who was that?

 Wietse?

As always, THANKS Weitse!

-- 
Larry Vaden, CoFounder
Internet Texoma, Inc.
Serving Rural Texomaland Since 1995
We Care About Your Connection!


Re: ? about

2011-03-13 Thread Larry Vaden
On Sun, Mar 13, 2011 at 12:35 PM, Wietse Venema wie...@porcupine.org wrote:

 Q1: Given the postscreen invocation in main.cf below the sig, what is
 the meaning of DNSBL rank 7?

 Uncorrected multi-bit memory error?

The boxen are Compaq DL380s with ECC;  I'll leave it to you to discern
their capabilities as I am merely a rural ISP :)

I'm reminded of Seymour Cray's comments about parity.

kind regards/ldv


Re: ? about

2011-03-13 Thread Ralf Hildebrandt
* Wietse Venema wie...@porcupine.org:
 Ralf Hildebrandt:
  $ host 197.251.232.190.zen.spamhaus.org
  197.251.232.190.zen.spamhaus.org has address 127.0.0.11
  197.251.232.190.zen.spamhaus.org has address 127.0.0.4
  
  2*2 = 7?
 
 Surely you have enough logs of your own that you can verify
 that this does not happen.

I'm using

postscreen_dnsbl_sites = secretkey.zen.dq.spamhaus.net, swl.spamhaus.org*-1
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
postscreen_dnsbl_threshold = 1

and found
# zfgrep -i "DNSBL rank" /var/log/OLD/*/mail.log.gz | awk '{print $8}' | sort | uniq -c
  604767 1
      15 2
       2 3

The last line IS a bit freaky, so looking for that:

# zfgrep -i "DNSBL rank 3" /var/log/OLD/*/mail.log.gz 
/var/log/OLD/2011-03-03/mail.log.gz:Mar  3 13:08:08 mail 
postfix/postscreen[21412]: DNSBL rank 3 for [188.81.123.210]:50826
/var/log/OLD/2011-03-03/mail.log.gz:Mar  3 13:08:08 mail 
postfix/postscreen[21412]: DNSBL rank 3 for [188.81.123.210]:50827

# zfgrep postscreen /var/log/OLD/2011-03-03/mail.log.gz |fgrep 188.81.123.210
Mar  3 13:08:02 mail postfix/postscreen[21412]: CONNECT from 
[188.81.123.210]:49685 to [141.42.202.200]:25
Mar  3 13:08:02 mail postfix/postscreen[21412]: HANGUP after 0 from 
[188.81.123.210]:49685 in tests before SMTP handshake
Mar  3 13:08:02 mail postfix/postscreen[21412]: DISCONNECT 
[188.81.123.210]:49685
Mar  3 13:08:02 mail postfix/postscreen[21412]: CONNECT from 
[188.81.123.210]:49687 to [141.42.202.200]:25
Mar  3 13:08:02 mail postfix/postscreen[21412]: HANGUP after 0 from 
[188.81.123.210]:49687 in tests before SMTP handshake
Mar  3 13:08:02 mail postfix/postscreen[21412]: DISCONNECT 
[188.81.123.210]:49687
Mar  3 13:08:02 mail postfix/postscreen[21412]: CONNECT from 
[188.81.123.210]:50826 to [141.42.202.200]:25
Mar  3 13:08:02 mail postfix/postscreen[21412]: CONNECT from 
[188.81.123.210]:50827 to [141.42.202.200]:25
Mar  3 13:08:08 mail postfix/postscreen[21412]: DNSBL rank 3 for 
[188.81.123.210]:50826
Mar  3 13:08:08 mail postfix/postscreen[21412]: DNSBL rank 3 for 
[188.81.123.210]:50827
Mar  3 13:08:09 mail postfix/postscreen[21412]: NOQUEUE: reject: RCPT from 
[188.81.123.210]:50827: 550 5.7.1 Service unavailable; client [188.81.123.210] 
blocked using zen.spamhaus.org; 
from=cal...@udufwgkdubwfjcujweihucwdhbcwva.kollaps.in, 
to=ai.schna...@charite.de, proto=ESMTP, helo=device.lan
Mar  3 13:08:09 mail postfix/postscreen[21412]: NOQUEUE: reject: RCPT from 
[188.81.123.210]:50826: 550 5.7.1 Service unavailable; client [188.81.123.210] 
blocked using zen.spamhaus.org; 
from=ri...@udufwgkdubwfjcujweihucwdhbcwva.kollaps.in, to=ah...@charite.de, 
proto=ESMTP, helo=device.lan
Mar  3 13:08:09 mail postfix/postscreen[21412]: HANGUP after 0.35 from 
[188.81.123.210]:50827 in tests after SMTP handshake
Mar  3 13:08:09 mail postfix/postscreen[21412]: DISCONNECT 
[188.81.123.210]:50827
Mar  3 13:08:09 mail postfix/postscreen[21412]: HANGUP after 0.35 from 
[188.81.123.210]:50826 in tests after SMTP handshake
Mar  3 13:08:09 mail postfix/postscreen[21412]: DISCONNECT 
[188.81.123.210]:50826

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: ? about

2011-03-13 Thread Wietse Venema
Larry Vaden:
 On Sun, Mar 13, 2011 at 12:35 PM, Wietse Venema wie...@porcupine.org wrote:
 
  Q1: Given the postscreen invocation in main.cf below the sig, what is
  the meaning of DNSBL rank 7?
 
  Uncorrected multi-bit memory error?
 
 The boxen are Compaq DL380s with ECC;  I'll leave it to you to discern
 their capabilities as I am merely a rural ISP :)

Joking aside, I have found an example here. It happens when some
DNSBL lookup results for an old DNSBL query arrive after postscreen
has already dropped the client. If that client has connected again
in the mean time, the DNSBL results are added to the score for the
new DNSBL query.

That's pretty harmless, and easy enough to fix. Number the queries,
and ignore replies for old DNSBL queries.

Wietse
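
A model of the scoring race just described, as an added example that is not Postfix's postscreen code. It takes the `postscreen_dnsbl_sites` and `postscreen_dnsbl_threshold` values quoted earlier in this thread, replays the event order visible in the log excerpt for `[151.56.102.63]` (a HANGUP before any DNSBL answer, an immediate reconnect from the same address, then the answers for both lookups arriving while the second connection is live), and shows the rank once with answers matched to the client address alone and once with the fix Wietse outlines: number the lookups and ignore answers for a lookup that is no longer current. The "first DNSBL to answer gets the credit" rule from earlier in the thread is modelled as well. The config parser here handles the `site*weight` form only; the reply-address filter syntax is dropped rather than evaluated.

```python
"""Model of postscreen-style DNSBL ranking and the late-reply race.

Added illustration, not Postfix code. Config values are the ones quoted in
the thread; the event sequence is constructed from the quoted log excerpt.
"""
import re
from collections import defaultdict

# main.cf values quoted in the thread (site*weight, separated by comma/space)
DNSBL_SITES = ("zen.spamhaus.org*2 bl.spamcop.net*1 "
               "b.barracudacentral.org*1 spamtrap.trblspam.com*1")
DNSBL_THRESHOLD = 2


def parse_dnsbl_sites(value):
    """Turn a postscreen_dnsbl_sites value into {site: weight}.

    Accepts 'site', 'site*weight' and 'site=filter*weight'; the =filter part
    is dropped (reply-address filtering is not modelled). Weight defaults to 1.
    """
    weights = {}
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        site, _, weight = item.partition("*")
        site = site.split("=", 1)[0]
        weights[site] = int(weight) if weight else 1
    return weights


def max_rank(weights):
    """Highest rank a single lookup can produce: the sum of the positive weights."""
    return sum(w for w in weights.values() if w > 0)


class DnsblScorer:
    """Accumulate DNSBL answers per client until the client is scored.

    ignore_stale=False: answers are matched to the client address only, so a
    late answer for an abandoned lookup counts for the next connection from
    the same address (the behaviour behind the odd ranks in this thread).
    ignore_stale=True:  every lookup gets a sequence number and answers for an
    old lookup are discarded (the fix described above).
    """

    def __init__(self, weights, threshold, ignore_stale):
        self.weights = weights
        self.threshold = threshold
        self.ignore_stale = ignore_stale
        self.live_lookup = {}           # client -> sequence number of the current lookup
        self.rank = defaultdict(int)    # client -> accumulated score
        self.blocked_using = {}         # client -> first listing DNSBL to answer
        self._next_id = 0

    def connect(self, client):
        """A new connection starts a new lookup; returns its sequence number."""
        self._next_id += 1
        self.live_lookup[client] = self._next_id
        return self._next_id

    def disconnect(self, client):
        """Client hung up before being scored: forget what has arrived so far."""
        self.live_lookup.pop(client, None)
        self.rank.pop(client, None)
        self.blocked_using.pop(client, None)

    def reply(self, client, lookup_id, site):
        """One DNSBL answered 'listed' for this client as part of lookup_id."""
        if site not in self.weights:
            return
        if self.ignore_stale and lookup_id != self.live_lookup.get(client):
            return                      # late answer for a lookup that is no longer current
        self.rank[client] += self.weights[site]
        if self.weights[site] > 0:
            self.blocked_using.setdefault(client, site)   # first to answer gets the credit

    def score(self, client):
        """End of the pre-greeting tests: return (rank, verdict, site credited)."""
        rank = self.rank.pop(client, 0)
        site = self.blocked_using.pop(client, None)
        self.live_lookup.pop(client, None)
        verdict = "reject" if rank >= self.threshold else "pass"
        return rank, verdict, site


def replay_racing_client(ignore_stale):
    """Replay the constructed event order behind the 'DNSBL rank 6' log line."""
    scorer = DnsblScorer(parse_dnsbl_sites(DNSBL_SITES), DNSBL_THRESHOLD, ignore_stale)
    client = "151.56.102.63"
    first = scorer.connect(client)      # port 19288: HANGUP after 0 seconds ...
    scorer.disconnect(client)           # ... before any DNSBL answer arrived
    second = scorer.connect(client)     # port 19289, same address, moments later
    for lookup in (first, second):      # answers for BOTH lookups now come in
        scorer.reply(client, lookup, "b.barracudacentral.org")
        scorer.reply(client, lookup, "zen.spamhaus.org")
    return scorer.score(client)


if __name__ == "__main__":
    print("max rank for this config:", max_rank(parse_dnsbl_sites(DNSBL_SITES)))
    print("address-keyed scorer:   ", replay_racing_client(ignore_stale=False))
    print("lookup-numbered scorer: ", replay_racing_client(ignore_stale=True))
```

With the address-keyed scorer the two lookups' answers add up to 6 (barracuda 1 + zen 2, twice), above the 5 that the configured weights can legitimately reach; with lookups numbered, the answers for the abandoned lookup are dropped and the rank is 3. Either way the client is rejected here, which is why the race is harmless in practice, but a rank above `max_rank` in your own logs is the signature to look for.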


Re: ? about

2011-03-13 Thread Larry Vaden
On Sun, Mar 13, 2011 at 1:16 PM, Larry Vaden va...@texoma.net wrote:
 On Sun, Mar 13, 2011 at 12:43 PM, Wietse Venema wie...@porcupine.org wrote:
 Ralf Hildebrandt:
 $ host 197.251.232.190.zen.spamhaus.org
 197.251.232.190.zen.spamhaus.org has address 127.0.0.11
 197.251.232.190.zen.spamhaus.org has address 127.0.0.4

 2*2 = 7?

 Surely you have enough logs of your own that you can verify
 that this does not happen.

 For your interpretation:

 [root@mx4 ~]# grep -i 151.56.102.63 /var/log/maillog
 Mar 13 10:53:45 mx4 postfix/postscreen[2698]: CONNECT from 
 [151.56.102.63]:19288
 Mar 13 10:53:45 mx4 postfix/postscreen[2698]: HANGUP after 0 from
 [151.56.102.63]:19288 in tests before SMTP handshake
 Mar 13 10:53:45 mx4 postfix/postscreen[2698]: DISCONNECT [151.56.102.63]:19288
 Mar 13 10:53:45 mx4 postfix/postscreen[2698]: CONNECT from 
 [151.56.102.63]:19289
 Mar 13 10:53:45 mx4 postfix/dnsblog[7617]: addr 151.56.102.63 listed
 by domain b.barracudacentral.org as 127.0.0.2
 Mar 13 10:53:45 mx4 postfix/dnsblog[7584]: addr 151.56.102.63 listed
 by domain b.barracudacentral.org as 127.0.0.2
 Mar 13 10:53:45 mx4 postfix/dnsblog[7576]: addr 151.56.102.63 listed
 by domain zen.spamhaus.org as 127.0.0.10
 Mar 13 10:53:45 mx4 postfix/dnsblog[7615]: addr 151.56.102.63 listed
 by domain zen.spamhaus.org as 127.0.0.10
 Mar 13 10:53:51 mx4 postfix/postscreen[2698]: DNSBL rank 6 for
 [151.56.102.63]:19289
 Mar 13 10:53:52 mx4 postfix/postscreen[2698]: NOQUEUE: reject: RCPT
 from [151.56.102.63]:19289: 550 5.7.1 Service unavailable; client
 [151.56.102.63] blocked using b.barracudacentral.org;
 from=kayl...@nerdly.net, to=garyst...@texoma.net, proto=SMTP,
 helo=texoma.net
 Mar 13 10:53:52 mx4 postfix/postscreen[2698]: DISCONNECT [151.56.102.63]:19289
 [root@mx4 ~]#

 So, it looks like the DNSBL that gets the credit is _perhaps_ the
 first to respond, I dunno for sure.

Weitse,

Please let me try to advance the request to make certain other tests
available as an option in postscreen;  namely, note the helo above;
unless I have watched too much Dennis Miller and am wrong about this,
we could have rejected said based on the helo, in other cases, based
on the absence of rDNS, thus taking load off the DNSBLs.

kind regards/ldv




-- 
Larry Vaden, CoFounder
Internet Texoma, Inc.
Serving Rural Texomaland Since 1995
We Care About Your Connection!


Re: ? about

2011-03-13 Thread Wietse Venema
Larry Vaden:
 Weitse,

That is not my name.

 Please let me try to advance the request to make certain other tests
 available as an option in postscreen;  namely, note the helo above;
 unless I have watched too much Dennis Miller and am wrong about this,
 we could have rejected said based on the helo, in other cases, based
 on the absence of rDNS, thus taking load off the DNSBLs.

Postscreen does HELO processing after it has completed the DNSBL
and pregreet tests.

Wietse


Re: ? about

2011-03-13 Thread Larry Vaden
On Sun, Mar 13, 2011 at 1:47 PM, Wietse Venema wie...@porcupine.org wrote:
 Larry Vaden:
 Weitse,

 That is not my name.

Dr. Venema, my most sincere apologies.

OMG, my son is correct, 9 stents and a pacemaker later, I should avoid
public discourse.

 Please let me try to advance the request to make certain other tests
 available as an option in postscreen;  namely, note the helo above;
 unless I have watched too much Dennis Miller and am wrong about this,
 we could have rejected said based on the helo, in other cases, based
 on the absence of rDNS, thus taking load off the DNSBLs.

 Postscreen does HELO processing after it has completed the DNSBL
 and pregreet tests.

        Wietse

Request withdrawn, but may I ask why so we can close this thread?

This is news to me (see proviso above, I probably read it and just
don't remember it).  Is the HELO test enabled by default or did I miss
how to enable the HELO test?

regards/ldv


Re: ? about

2011-03-13 Thread Wietse Venema
Wietse:
 Postscreen does HELO processing after it has completed the DNSBL
 and pregreet tests.

Larry Vaden:
 Request withdrawn, but may I ask why so we can close this thread?
 
 This is news to me (see proviso above, I probably read it and just
 don't remember it).  Is the HELO test enabled by default or did I miss
 how to enable the HELO test?

I suggest reading 

http://www.postfix.org/POSTSCREEN_README.html#fail_before_220

In this context, enforce means go collect the helo and sender
and recipient, then log that information.

Wietse


Re: ? about

2011-03-13 Thread /dev/rob0
On Sun, Mar 13, 2011 at 01:35:57PM -0400, Wietse Venema wrote:
 Larry Vaden:
  Hello postfix-users,
  
  For a selected time period today, the postfix/postscreen DNSBL rank
  log entries are summarized as:
  
 1744 DNSBL rank 2
12458 DNSBL rank 3
 5113 DNSBL rank 4
 1099 DNSBL rank 5
1 DNSBL rank 7
  
  Q1: Given the postscreen invocation in main.cf below the sig, what is
  the meaning of DNSBL rank 7?

Mine can add up to 10, but I've seen one at 12 and one at 16. User 
error was a contributing factor. This might be reproducible, and 
perhaps in some cases could violate policy. In *very* unlikely 
circumstances, this could reject wanted mail.

-rw-r--r-- 1 root root 23066 Feb 27 20:46 /etc/postfix/main.cf
-rw-r--r-- 1 root root   247 Feb 27 20:49 /etc/postfix/postscreen_access.cidr

I enabled the postscreen_access.cidr in main.cf about 3 minutes 
before creating that file.

Feb 27 20:46:46 cardinal postfix/postscreen[19863]: fatal: open 
/etc/postfix/postscreen_access.cidr: No such file or directory
Feb 27 20:46:47 cardinal postfix/master[1492]: warning: process 
/usr/libexec/postfix/postscreen pid 19863 exit status 1
Feb 27 20:46:47 cardinal postfix/master[1492]: warning: 
/usr/libexec/postfix/postscreen: bad command startup -- throttling
Feb 27 20:47:47 cardinal postfix/postscreen[19921]: fatal: open 
/etc/postfix/postscreen_access.cidr: No such file or directory
Feb 27 20:47:48 cardinal postfix/master[1492]: warning: process 
/usr/libexec/postfix/postscreen pid 19921 exit status 1
Feb 27 20:47:48 cardinal postfix/master[1492]: warning: 
/usr/libexec/postfix/postscreen: bad command startup -- throttling
Feb 27 20:48:48 cardinal postfix/postscreen[19945]: fatal: open 
/etc/postfix/postscreen_access.cidr: No such file or directory
Feb 27 20:48:49 cardinal postfix/master[1492]: warning: process 
/usr/libexec/postfix/postscreen pid 19945 exit status 1
Feb 27 20:48:49 cardinal postfix/master[1492]: warning: 
/usr/libexec/postfix/postscreen: bad command startup -- throttling

... and postscreen was understandably not happy. But when I hit F2 
(save) in my trusty editor mc(1), all was forgiven:

Feb 27 20:49:49 cardinal postfix/postscreen[19956]: CONNECT from 
[186.58.57.178]:10383
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: CONNECT from 
[95.135.200.136]:7986
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: HANGUP after 0 from 
[186.58.57.178]:10383 in tests before SMTP handshake
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: DISCONNECT 
[186.58.57.178]:10383
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: CONNECT from 
[95.105.171.227]:16467
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: HANGUP after 0 from 
[95.135.200.136]:7986 in tests before SMTP handshake
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: DISCONNECT 
[95.135.200.136]:7986
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: CONNECT from 
[95.135.200.136]:10354
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: HANGUP after 0 from 
[95.105.171.227]:16467 in tests before SMTP handshake
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: DISCONNECT 
[95.105.171.227]:16467
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: CONNECT from 
[95.105.171.227]:17718
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: CONNECT from 
[90.176.45.181]:63096
Feb 27 20:49:49 cardinal postfix/postscreen[19956]: CONNECT from 
[95.135.123.84]:52370
Feb 27 20:49:50 cardinal postfix/dnsblog[19961]: addr 95.135.200.136 listed by 
domain bl.spameatingmonkey.net as 127.0.0.3
Feb 27 20:49:50 cardinal postfix/dnsblog[19958]: addr 186.58.57.178 listed by 
domain bl.spameatingmonkey.net as 127.0.0.3
Feb 27 20:49:50 cardinal postfix/dnsblog[19963]: addr 95.135.200.136 listed by 
domain zen.spamhaus.org as 127.0.0.4
Feb 27 20:49:50 cardinal postfix/dnsblog[19963]: addr 95.135.200.136 listed by 
domain zen.spamhaus.org as 127.0.0.11
Feb 27 20:49:50 cardinal postfix/dnsblog[19969]: addr 95.135.200.136 listed by 
domain zen.spamhaus.org as 127.0.0.4
Feb 27 20:49:50 cardinal postfix/dnsblog[19969]: addr 95.135.200.136 listed by 
domain zen.spamhaus.org as 127.0.0.11
Feb 27 20:49:50 cardinal postfix/dnsblog[19963]: addr 95.135.200.136 listed by 
domain bl.spameatingmonkey.net as 127.0.0.3
Feb 27 20:49:50 cardinal postfix/dnsblog[19959]: addr 186.58.57.178 listed by 
domain zen.spamhaus.org as 127.0.0.11
Feb 27 20:49:50 cardinal postfix/dnsblog[19959]: addr 186.58.57.178 listed by 
domain zen.spamhaus.org as 127.0.0.4
Feb 27 20:49:50 cardinal postfix/dnsblog[19965]: addr 95.105.171.227 listed by 
domain bl.spamcop.net as 127.0.0.2
Feb 27 20:49:50 cardinal postfix/dnsblog[19970]: addr 95.105.171.227 listed by 
domain bl.spamcop.net as 127.0.0.2
Feb 27 20:49:50 cardinal postfix/dnsblog[19960]: addr 95.135.200.136 listed by 
domain bl.spamcop.net as 127.0.0.2
Feb 27 20:49:50 cardinal postfix/dnsblog[19961]: addr 95.135.200.136 listed by 
domain bl.spamcop.net as 127.0.0.2
Feb 27 20:49:50 cardinal postfix/dnsblog[19959]: addr 

PATCH: postscreen delayed DNSBL responses

2011-03-13 Thread Wietse Venema
The attached patch numbers all postscreen(8) DNSBL requests, so
that delayed DNSBL results for an old session are not added to the
score when the same remote SMTP client has reconnected in the mean
time.

This error was rare enough that it should not affect real email.

Use postfix reload after make upgrade on a running Postfix
system. This is needed because the protocol between postscreen(8)
and dnsblog(8) has changed.

Wietse
20110313

Bugfix (introduced Postfix 2.8): number the postscreen DNSBL
requests, so that delayed results for an old session are
not added to the score when the same remote SMTP client has
reconnected in the mean time. Files: postscreen/postscreen_dnsbl.c,
dnsblog/dnsblog.c.

diff --exclude=man --exclude=html --exclude=README_FILES --exclude=.indent.pro 
--exclude=Makefile.in -r -cr 
/var/tmp/postfix-2.9-20110228/src/dnsblog/dnsblog.c ./src/dnsblog/dnsblog.c
*** /var/tmp/postfix-2.9-20110228/src/dnsblog/dnsblog.c Sun Jan 16 12:39:46 2011
--- ./src/dnsblog/dnsblog.c Sun Mar 13 14:41:05 2011
***
*** 14,21 
  /* .ad
  /* .fi
  /*With each connection, the \fBdnsblog\fR(8) server receives
! /*a DNS white/blacklist domain name and an IP address. If the
! /*address is listed under the DNS white/blacklist, the
  /*\fBdnsblog\fR(8) server logs the match and replies with the
  /*query arguments plus a non-zero status.  Otherwise it replies
  /*with the query arguments plus a zero status.  Finally, The
--- 14,21 
  /* .ad
  /* .fi
  /*With each connection, the \fBdnsblog\fR(8) server receives
! /*a DNS white/blacklist domain name, IP address, and an ID.
! /*If the address is listed under the DNS white/blacklist, the
  /*\fBdnsblog\fR(8) server logs the match and replies with the
  /*query arguments plus a non-zero status.  Otherwise it replies
  /*with the query arguments plus a zero status.  Finally, The
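Review bot: the manual text now lists an ID among the inputs but says nothing about what dnsblog(8) does with it; since the whole point of the label is that postscreen(8) matches replies to the session that sent them, state explicitly that the ID is returned unchanged in the reply, e.g. "a DNS white/blacklist domain name, IP address, and an ID. The ID is echoed back in the reply so that the client can match it to a request."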
***
*** 215,220 
--- 215,221 
  static void dnsblog_service(VSTREAM *client_stream, char *unused_service,
char **argv)
  {
+ int request_id;
  
  /*
   * Sanity check. This service takes no command-line arguments.
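Review bot: `int request_id;` in dnsblog_service() is declared without an initializer; that is correct only because it is never read before the attr_scan() below has stored into it, which is guarded by the `== 3` count check, so a short comment at the declaration (or moving it next to the scan) would spare the next reader from having to verify that.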
***
*** 231,243 
  ATTR_FLAG_MORE | ATTR_FLAG_STRICT,
  ATTR_TYPE_STR, MAIL_ATTR_RBL_DOMAIN, rbl_domain,
  ATTR_TYPE_STR, MAIL_ATTR_ACT_CLIENT_ADDR, addr,
! ATTR_TYPE_END) == 2) {
(void) dnsblog_query(result, STR(rbl_domain), STR(addr));
if (var_dnsblog_delay  0)
sleep(var_dnsblog_delay);
attr_print(client_stream, ATTR_FLAG_NONE,
   ATTR_TYPE_STR, MAIL_ATTR_RBL_DOMAIN, STR(rbl_domain),
   ATTR_TYPE_STR, MAIL_ATTR_ACT_CLIENT_ADDR, STR(addr),
   ATTR_TYPE_STR, MAIL_ATTR_RBL_ADDR, STR(result),
   ATTR_TYPE_END);
vstream_fflush(client_stream);
--- 232,246 
  ATTR_FLAG_MORE | ATTR_FLAG_STRICT,
  ATTR_TYPE_STR, MAIL_ATTR_RBL_DOMAIN, rbl_domain,
  ATTR_TYPE_STR, MAIL_ATTR_ACT_CLIENT_ADDR, addr,
! ATTR_TYPE_INT, MAIL_ATTR_LABEL, request_id,
! ATTR_TYPE_END) == 3) {
(void) dnsblog_query(result, STR(rbl_domain), STR(addr));
if (var_dnsblog_delay  0)
sleep(var_dnsblog_delay);
attr_print(client_stream, ATTR_FLAG_NONE,
   ATTR_TYPE_STR, MAIL_ATTR_RBL_DOMAIN, STR(rbl_domain),
   ATTR_TYPE_STR, MAIL_ATTR_ACT_CLIENT_ADDR, STR(addr),
+  ATTR_TYPE_INT, MAIL_ATTR_LABEL, request_id,
   ATTR_TYPE_STR, MAIL_ATTR_RBL_ADDR, STR(result),
   ATTR_TYPE_END);
vstream_fflush(client_stream);
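Review bot: raising the count check from `== 2` to `== 3` means a request from an older postscreen(8) that sends only domain and address no longer gets any reply (attr_scan() returns 2 and the branch is skipped), which is what makes the `postfix reload` in the cover note mandatory; logging a warning on that fall-through would make a half-upgraded system diagnosable rather than silent. Echoing MAIL_ATTR_LABEL back unmodified is the right choice, as dnsblog(8) should treat the label as opaque. Note also that `if (var_dnsblog_delay  0)` has lost its comparison operator in the archive rendering.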
diff --exclude=man --exclude=html --exclude=README_FILES --exclude=.indent.pro 
--exclude=Makefile.in -r -cr 
/var/tmp/postfix-2.9-20110228/src/postscreen/postscreen_dnsbl.c 
./src/postscreen/postscreen_dnsbl.c
*** /var/tmp/postfix-2.9-20110228/src/postscreen/postscreen_dnsbl.c Sat Jan 
15 18:09:25 2011
--- ./src/postscreen/postscreen_dnsbl.c Sun Mar 13 14:35:02 2011
***
*** 143,148 
--- 143,149 
  int total;/* combined blocklist score */
  int refcount; /* score reference count */
  int pending_lookups;  /* nr of DNS requests in flight */
+ int request_id;   /* duplicate suppression */
  /* Call-back table support. */
  int index;/* next table index */
  int limit;/* last valid index */
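Review bot: `/* duplicate suppression */` names the purpose but not the invariant; the field holds the label under which the current session's lookups were sent, and a reply carrying any other label is stale, so a comment like `/* label of current session's lookups; other labels are stale */` documents what psc_dnsbl_receive() relies on. The counter is a plain `int`, so the comparison assumes no wrap-around while a lookup is in flight, which is safe in practice but worth stating.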
***
*** 344,349 
--- 345,351 
  PSC_DNSBL_HEAD *head;
  PSC_DNSBL_SITE *site;
  ARGV   *reply_argv;
+ int request_id;
  
  PSC_CLEAR_EVENT_REQUEST(vstream_fileno(stream), psc_dnsbl_receive, 
context);
  
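Review bot: the new local `request_id` in psc_dnsbl_receive() shares its name with the score-table field added in the 143,148 hunk above, and the two are presumably compared in the truncated 367,376 hunk; naming the local `reply_id` or `reply_label` would make that comparison read unambiguously as "label in the reply" versus "label of the current session".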
***
*** 367,376
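The race the cover note and HISTORY entry describe, as an added simulation that is not Postfix code: a delayed DNSBL reply from a session that has already hung up arrives after the same client reconnected, and is either added to the new session's score (before the patch) or dropped because its label no longer matches (after it). The struct fields, the address 192.0.2.10 and the weights are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not Postfix code: the postscreen score-table entry for
 * one client, with the request_id field the patch adds. */
struct client_score {
    char addr[40];
    int  total;        /* combined blocklist score */
    int  request_id;   /* label carried by the current session's lookups */
};

struct dnsbl_reply {
    const char *addr;
    int request_id;    /* label echoed back unchanged by dnsblog */
    int weight;        /* weight of the DNSBL hit, 0 when not listed */
};

static int next_request_id;

/* Client connects: its DNSBL queries go out under a fresh label and the
 * score for this session starts at zero. Returns the label. */
static int session_start(struct client_score *c, const char *addr)
{
    strncpy(c->addr, addr, sizeof(c->addr) - 1);
    c->addr[sizeof(c->addr) - 1] = '\0';
    c->total = 0;
    c->request_id = ++next_request_id;
    return c->request_id;
}

/* One dnsblog reply arrives for this client. With use_labels set, a reply
 * whose label is not the current one is stale and dropped (the fix); without
 * labels it is added to whichever session is current (the bug).
 * Returns 1 if the weight was counted, 0 if the reply was dropped. */
static int deliver_reply(struct client_score *c, const struct dnsbl_reply *r,
                         int use_labels)
{
    if (strcmp(c->addr, r->addr) != 0)
        return 0;                         /* not this client's reply */
    if (use_labels && r->request_id != c->request_id)
        return 0;                         /* old session's lookup */
    c->total += r->weight;
    return 1;
}

/* Scenario: the client hangs up while one of its two lookups is still in
 * flight, reconnects, and the late reply lands during the second session.
 * Returns the rank the second session ends up with: 9 without labels
 * (the bug), 6 with them. */
static int run_scenario(int use_labels)
{
    struct client_score c;
    struct dnsbl_reply r = { "192.0.2.10", 0, 3 };   /* constructed address */
    int id1, id2;

    next_request_id = 0;
    id1 = session_start(&c, r.addr);
    r.request_id = id1;
    deliver_reply(&c, &r, use_labels);    /* first list answers in time */
    id2 = session_start(&c, r.addr);      /* HANGUP, then reconnect */
    deliver_reply(&c, &r, use_labels);    /* delayed reply from session 1 */
    r.request_id = id2;
    deliver_reply(&c, &r, use_labels);    /* session 2's own two hits */
    deliver_reply(&c, &r, use_labels);
    return c.total;
}

int main(void)
{
    printf("rank without labels: %d\n", run_scenario(0));  /* 9 */
    printf("rank with labels:    %d\n", run_scenario(1));  /* 6 */
    return 0;
}
```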

Re: ? about

2011-03-13 Thread Stan Hoeppner
Wietse Venema put forth on 3/13/2011 1:47 PM:
 Larry Vaden:
 Weitse,
 
 That is not my name.

Unfortunately in the US we all had the following English spelling rule
hard wired into our synapses somewhere between the 1st and 4th grade:

I before E except after C

Some of us are able to overcome this when spelling Dutch (and other)
names, some apparently not.

-- 
Stan


Re: ? about

2011-03-13 Thread Stan Hoeppner
Stan Hoeppner put forth on 3/13/2011 3:08 PM:
 Wietse Venema put forth on 3/13/2011 1:47 PM:
 Larry Vaden:
 Weitse,

 That is not my name.
 
 Unfortunately in the US we all had the following English spelling rule
 hard wired into our synapses somewhere between the 1st and 4th grade:
 
 I before E except after C
 
 Some of us are able to overcome this when spelling Dutch (and other)
 names, some apparently not.


I should have added a winky to that in case some don't catch the dry
sarcastic wit.

So ;)

-- 
Stan


Re: Mailbox limit not observed

2011-03-13 Thread Vincent Lefevre
On 2011-03-13 07:52:11 -0500, Stan Hoeppner wrote:
 If you use virtual_mailbox_limit with strictly maildir mailboxes, you
 may as well set message_size_limit=0 and leave it alone, so you only
 have one setting to keep track of.

Is 0 accepted for this option? http://www.postfix.org/postconf.5.html
just says:

  message_size_limit (default: 10240000)

The maximal size in bytes of a message, including envelope
information.

Note: be careful when making changes. Excessively small values
will result in the loss of non-delivery notifications, when a
bounce message size exceeds the local or remote MTA's message
size limit.

 BTW, I can't see the logic in ever increasing the default, which is
 ~50MB.

The default for message_size_limit is ~10 MB (see above). So, at least
the value of this option should be increased if one wants to receive
messages of larger size.

-- 
Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/
100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / Arénaire project (LIP, ENS-Lyon)


Re: PATCH: postscreen delayed DNSBL responses

2011-03-13 Thread Wietse Venema
Wietse Venema:
 The attached patch numbers all postscreen(8) DNSBL requests, so
 that delayed DNSBL results for an old session are not added to the
 score when the same remote SMTP client has reconnected in the mean
 time.
 
 This error was rare enough that it should not affect real email.
 
 Use postfix reload after make upgrade on a running Postfix
 system. This is needed because the protocol between postscreen(8)
 and dnsblog(8) has changed.

Also fixed with postfix-2.9-20110313.

Wietse


Re: PATCH: postscreen delayed DNSBL responses

2011-03-13 Thread Larry Vaden
On Sun, Mar 13, 2011 at 5:55 PM, Wietse Venema wie...@porcupine.org wrote:
 Wietse Venema:
 The attached patch numbers all postscreen(8) DNSBL requests, so
 that delayed DNSBL results for an old session are not added to the
 score when the same remote SMTP client has reconnected in the mean
 time.

 This error was rare enough that it should not affect real email.

 Use postfix reload after make upgrade on a running Postfix
 system. This is needed because the protocol between postscreen(8)
 and dnsblog(8) has changed.

 Also fixed with postfix-2.9-20110313.

        Wietse

THANKS/ldv




-- 
Larry Vaden, CoFounder
Internet Texoma, Inc.
Serving Rural Texomaland Since 1995
We Care About Your Connection!


Re: The future of SMTP ?

2011-03-13 Thread mouss
On 13/03/2011 16:56, Erwan David wrote:
 On Sun 13/03/2011, Steve said



 On 13.03.2011 12:38, Steve wrote:
 And today it is no big deal to cut down spam to less than 1% of the
 inbound. 

 but not only with postfix

 No. Not only with postfix alone. But most of us are not only using postfix 
 in their messaging infrastructure.
 
 And without too much collateral damage? I can stop all spam. But how many 
 legitimate emails will I block at the same time?

what are you trying to say?

 
 Yes I can stop all spam, by cutting off all email. 100% efficiency, but also 
 100% collateral damage...
 

come on. we do block most spam without much FPs. sure, we do block mail
from residential IPs, from hosts which behave as ratenets, ... but we
don't consider that to be FPs.


Re: The future of SMTP ?

2011-03-13 Thread mouss
On 13/03/2011 16:52, lst_ho...@kwsoft.de wrote:
 Quoting Frank Bonnet f.bon...@esiee.fr:
 
 Hello

 Sorry if this seems a bit off topic ...

 Postfix is really a great piece of software
 and we all thanks to Wiese for his tremendous work.

 But to fight spam and all other malicious
 problems it's getting more and more sophisticated
 and complex to configure every day.
 It is not a criticism it is a fact that jump
 to every sysadmin's face.

 Email communication require a more and more complicated
 machinery every day too.

 Does anyone has knowing of the future of SMTP ?
 Is there some project to replace it by some
 more secure protocol ?

 Understand me well , writing this I do not want
 to start some war I would like to know if there
 is some long term reflexion somewhere to build
 some other protocol.

 I know this would be a huge project ...

 
 This is not a problem of SMTP but from the idea to design a system where
 everyone is able to send a message to some other participant if the
 address is known. So you don't have to reinvent SMTP but to ditch the
 idea of free electronic communication.

yep. and one thing here: the debian lists are still open. and I like it.
there is some spam, but not that much. I appreciate the position: spam
won't force us to abandon our principles of open communication. kudos to
debian lists.

 One may even argue that it is already partly the case because of ongoing
 blocking of IP space because of country/DUL/ISP reasons but that is not
 a technology (SMTP) thing but policy of the receiver.
 


yep again.


Re: ..::Smtp Attacks::..

2011-03-13 Thread mouss
On 13/03/2011 17:57, Alfonso Alejandro Reyes Jimenez wrote:
 Hi everyone.
 
 I'm sending this email because I'm looking for a reference regarding SMTP 
 attacks; this is because I'm working to create some SMTP signatures for the 
 Snort solution.
 
 It's not directly for Snort; I'm willing to contribute to the Bleeding 
 Snort project.
 
 I can't find any information regarding SMTP attacks, only the relay test 
 and that kind of stuff.
 
 The question is:
 
 Is there any book related to SMTP attacks, exploits or any other type of 
 attack related to the SMTP protocol?
 
 I would highly appreciate any recommendation; these signatures will help 
 everyone.
 


This is the wrong place. if we find attacks on postfix, we would report
them and they will be fixed.

anyway, that signature approach is say what...? it's helpful to find
software that's not maintained. but do we need signatures for that?


Re: The future of SMTP ?

2011-03-13 Thread Dennis Carr

On Sun, 13 Mar 2011, Frank Bonnet wrote:


But to fight spam and all other malicious
problems it's getting more and more sophisticated
and complex to configure every day.
It is not a criticism it is a fact that jump
to every sysadmin's face.



Does anyone has knowing of the future of SMTP ?
Is there some project to replace it by some
more secure protocol ?


I, too, would have to say no to this one.

SMTP is used largely because it has worked since the standard was 
implemented with RFC 822 back nearly 30 years ago and it still works, for 
all intents, and in fact does exactly what it says on the tin.  So it's 
not SMTP that's broken, it's pretty much a) the end users who allow their 
machines to be zombied as a result of not exercising proper security 
practices, and b) the scumbags who actually generate the crap.


The best we can really do is implement the spam blocks for receiving, 
unfortunately, and continue the usual practices: SPF implementations, the 
varying blacklists, etc.


-Dennis




Re: The future of SMTP ?

2011-03-13 Thread Dennis Carr

On Sun, 13 Mar 2011, Reindl Harald wrote:




On 13.03.2011 12:38, Steve wrote:



I really don't understand why people keep telling that spam is a problem?


because there are people out there whose time costs money?


This part of the problem I suspect is marginal.  It's not the cost, it's 
who's making the money.


Consider that part of my background involves being the mailroom guy in an 
outfit that routinely sent out bulk snail mail here in the US. As annoying 
as junk mail is, it's documentably easier to target than email and 
somebody is actually putting time, money, and effort into this stuff - you 
have to buy the advertisement materials and the address list, somebody is 
getting paid to collate and prepare everything, and somebody is hauling it 
down to the post office - who takes their payment in the form of postage. 
Busted my ass for that, I did, and it was decent money - when the company 
owner was not there to tell me how to do my job. =)


A spammer?  It's just a list of email addresses.  Push a button and sure, 
the spam is targeted - to a bunch of email addresses.  Doesn't work so hot 
- my girlfriend gets ads for Viagra and penis enlargement, and I get ads 
for having my organ enlarged.  Why would I want an enlarged heart or 
liver ?  Meanwhile, for ten minutes of work max, these assholes need only 
press a button and go get a cup of coffee, and they just made a mint.


So the problem is not with SMTP, it's with the spammers.  Only thing we 
can do is block them.  I really, REALLY wish there was more we could do 
so we can stop them - but the only thing we can do to stop them is to 
make it cost more than it's worth, and the only way I can admittedly come 
up with would be pretty unethical.


-Dennis