-----Original Message----- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Tuesday, 17 March 2009 10:17 p.m. To: users@spamassassin.apache.org Subject: Re: JoeJobbed - Vbounce plugin - SPF?.
On 17.03.09 14:02, Michael Hutchinson wrote: >> I'm running Spamassassin 3.1.7, with netqmail 1.05, ClamAv etc.. > ooooold ! The current SA version is 3.2.5 - upgrade. Yes, I know it's old :) The upgrade is in the pipeline, but not for a couple of months yet. Mind you, it still runs pretty well and does catch a lot of Spam, for it's age. >> We initially tried 'riding out the storm' as it were, but were unable >> to keep on top of the load put on the servers by excessive E-Mail >> messages requiring scanning by SA. This got so bad that the mailserver >> had become unresponsive to our clients. > qmail is known for bouncing, instead of rejecting unknown recipients at SMTP leve. You filter unknown > recipients? If not, this is your problem. If an smtproutes entry forces me to accept unknown recipients for said affected domain, then Yes, and I would assume that this is the behaviour. >> How might I keep delivery flowing to valid recipients for the domain >> (smarthosted (smtproutes) to exchange) but reject the blowback at SMTP >> time? >So you do NOT reject invalid recipients? Change qmail, or at least its SMTP server. There are afaik some >that can do that. Yes, that can be done with a valid rcptto patch for qmail. I've not applied the patch, but have added it to the list. >And, optionally, consider some rules of rejecting before queeuing - block invalid HELO strings, senders in >some reliable blacklists etc. This helps. I will work at blocking invalid HELO and some certain subjects at SMTP time, for a while after a joe job. >> I was considering convincing the powers to let me setup SPF, but their >> requirement would be to have both v1 and v2 spf tags - and I'm not >> sure whether Q-Mail is up to both yet, but some kind of SPF >> implementation where we check the tags (not necessarily publish them) >> but I guess that's an MTA question:) >forget SPF v2. Use v1 but don't expect huge results, there's still many SMTP servers not checking the >SPF... OK, What's wrong with SPF v2 ? Thanks for your reply, Matus, I appreciate your help and ideas. Cheers, Michael Hutchinson Manux Solutions Limited.