[Mimedefang] Re: MTA

G.W. Haywood ged at jubileegroup.co.uk
Fri May 18 13:12:56 EDT 2007 

Hi there,

On Fri, 18 May 2007 Joseph Brennan wrote:

> > On Thu, May 17, 2007 at 10:56:50AM -0400, Daniel Aquino wrote:
> >> I wonder what type of tests are  you guys performing at the MTA level
> >> that will subvert any extra processing that would occur with
> >> mimedefang ?
> >
>
> 1. greet_pause

I use a loooong pause, sometimes I have to remove it for specific hosts
or domains that can't handle it.

> 2. ratecontrol
> 3. BAD_RCPT_THROTTLE
> 4. If sender address is string at columbia.edu, check users and aliases,
> and accept only if it is a valid address.  Done in sendmail because it
> can check users and aliases quickly.

The sendmail access database is very good.  I set a maximum number of
connections (ClientConn in the access database) and block a fairly
large number of TLDs and ISPs in there.  (Don't forget to rebuild the
access.db file after editing the access text file. :)

> 5. If nbadrcpts reaches 3, start tempfailing...

I also use MAXBADCOMMANDS=2 instead of the default 25 in srvrsmtp.c
although this is triggered far less often lately.  I don't know why,
maybe the spammers are reacting.

> RBLs are done in Mimedefang, so that we can write in exceptions...

I use milters a lot, in particular I do RBL checks before the more
expensive perl-based processing is done (mimedefang, spamassassin).
Here are the milters used on the mailservers that I run, in the order
in which they appear in sendmail.cf:

rcptfilter
spfmilter
chainmail
milter-regex
dnsbl
greylist
clmilter
mimedefang

I try to call the really processor-intensive milters are called later
than those which can give a rejection quickly.

Probably milter-regex, greylist and dnsbl do the most work, probably
in that order.  Mimedefang and clamav (clmilter) rarely get to do very
much except at one site where there are a few - shall we say - less
responsible Internet users.

In addition to what you might call application-layer stuff like this I
block a great deal of junk using dynamic iptables rules generated by a
few scripts which monitor the logs for suspicious activity.  This also
keeps the logs more manageable, so it isn't such a pain to look at them
when it's necessary.

The net result is the virtual elimination of spam.  I can't give a
very accurate figure for the fraction which gets through, but it is of
the order of 0.00001 percent.  I do have occasional issues with people
who use (I'll be careful with my words here) ISPs known for spam
problems.  There are many ISPs from who all attempts to send mail - in
fact all connection attempts - are rejected by my servers.  That
doesn't keep me awake at night, but it does mean that my approach
isn't for everyone.

--

73,
Ged.

More information about the MIMEDefang mailing list