[Sussex] [Fwd: [lugmaster] Updated mail setup]

Steven Dobson steve at dobson.org
Mon Mar 20 09:47:23 UTC 2006


Guys

There has been an admin revamp of the mail system.

Andy is looking for any problems so that he can fix them.

If you are using your ISP's email system or something like GMail then
you should be okay.

If you are running your own then you might not have configured it
properly.  If so please check your logs to find out why it has been
rejected before posting a bug report.

If in doubt contact me.

Ta
Steve

-------- Forwarded Message --------
From: Andy Smith <andy at lug.org.uk>
Reply-To: A closed discussion list for UK LUGMasters.
<lugmaster at mailman.lug.org.uk>
To: lugmaster <lugmaster at mailman.lug.org.uk>
Subject: [lugmaster] Updated mail setup
Date: Sun, 19 Mar 2006 23:16:34 +0000

Hello,

We've changed the mail setup for addresses @lug.org.uk and
@mailman.lug.org.uk (i.e. all lists) by putting another mail server
in front of them.

This mail server runs the Debian Sarge version of Exim 4 with some
decent and hopefully sensible antispam measures.

If you or your LUG members notice any problems mailing addresses
@lug.org.uk or @mailman.lug.org.uk then please let us know ASAP at
admin at mailman.lug.org.uk.

A more detailed explanation of the antispam and antivirus measures
follows, for those interested in such things:

- Sender domain verification

  The sender's domain (e.g. "example.com" for an email from
  "bob at example.com") must exist in DNS.  It must have MX records
  that are valid.  If either of those things is false then the mail
  would be unreplyable anyway.  Such mails are permanently rejected.
  
- HELO tests

  The HELO string that is given must be syntactically valid, and
  must not be the IP or hostname of anything local, e.g. localhost,
  lug.org.uk, mailman.lug.org.uk.

  Syntax errors are temporarily rejected; forgeries are permanently
  rejected.

- DNSBL tests

  Some trusted DNSBLs are used in a permanent rejection mode:

  - dul.dnsbl.sorbs.net

    Rejects IPs that are thought to be dynamic and/or residential;
    such users should be using their ISP's mail servers.

  - cbl.abuseat.org

    IPs with signatures of trojans/malware/open proxies.

  - opm.blitzed.org

    Open proxies.

  This is an intentionally conservative DNSBL setup because of the
  problems of false positives.  Other DNSBLs are used by
  SpamAssassin for scoring purposes.

  From my testing the vast majority of connections have been
  rejected by this point; very few connections are for legitimate
  email.

- Greylisting

  greylistd is used to temporarily reject every triple:

  <sender address> <recipient address> <sender's ip>

  for 10 minutes.  If after 10 minutes the same triple comes back
  then it is whitelisted from the greylisting for 60 days.  If it
  does not return within 8 hours then the entry is removed.

  I am not sure about this one but it's fairly harmless to give it a
  go, and giving it a go seems the only way to really test it out.

- SpamAssassin

  A call is made to spamd at the end of the DATA phase of the SMTP
  conversation.  If the email scores 10 or above then it is
  permanently rejected with a sensible message informing the sender
  of the reason, the score, and that they can contact the postmaster@
  address for assistance.

  If the mail scores less than 10 then the following headers are
  added:

  X-lug.org.uk-Spam-Score:

        A one-line header giving the numeric score and also a
        symbolic score consisting of a number of ='s which may be
        easier for your software to match on.

  X-lug.org.uk-Spam-Report:

        A multiline report detailing which tests were matched and
        what their scores were.

  postmaster@, root@ and abuse@ at all domains are exempted from
  spam checks.

- Antivirus

  A call is made to ClamAV at the end of the DATA phase of the SMTP
  conversation.  Malware is permanently rejected.

If anyone has any massive objection about any of these measures then
I'm happy to hear them and also happy to back them out, but only in
the face of real and unacceptable false positives or other problems.

Cheers,
Andy
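
The greylisting rule described above (defer each new triple for 10 minutes, whitelist it for 60 days if it retries, drop it if no retry arrives within 8 hours), sketched as an added example that is not part of the original message and is not greylistd's own code. It assumes the 60 days are counted from the moment the triple is whitelisted; the addresses, IPs and timestamps are constructed.

```python
from datetime import datetime, timedelta

RETRY_MIN = timedelta(minutes=10)   # a new triple is deferred for this long
RETRY_MAX = timedelta(hours=8)      # entries with no retry by then are removed
WHITELIST_TTL = timedelta(days=60)  # assumption: counted from whitelisting time

class Greylist:
    """Toy in-memory greylist keyed on (sender, recipient, sender IP)."""
    def __init__(self):
        self.pending = {}    # triple -> time first seen
        self.whitelist = {}  # triple -> time the whitelisting expires

    def check(self, sender, recipient, ip, now):
        """Return 'accept' or 'defer' (a temporary SMTP rejection)."""
        triple = (sender, recipient, ip)
        expires = self.whitelist.get(triple)
        if expires is not None:
            if now < expires:
                return "accept"
            del self.whitelist[triple]      # 60 days are up: start over
        first_seen = self.pending.get(triple)
        if first_seen is None or now - first_seen > RETRY_MAX:
            self.pending[triple] = now      # new triple, or stale entry replaced
            return "defer"
        if now - first_seen < RETRY_MIN:
            return "defer"                  # retried too soon
        del self.pending[triple]            # retried inside the window
        self.whitelist[triple] = now + WHITELIST_TTL
        return "accept"

def replay(attempts):
    """Run (minutes_offset, sender, recipient, ip) tuples through a fresh greylist."""
    start = datetime(2006, 3, 20, 9, 0)     # constructed start time
    gl = Greylist()
    return [gl.check(s, r, ip, start + timedelta(minutes=m)) for m, s, r, ip in attempts]

# Constructed sample traffic using documentation addresses and IP ranges.
SAMPLE = [
    (0,   "bob@example.com", "list@lug.org.uk", "192.0.2.10"),    # first sight
    (5,   "bob@example.com", "list@lug.org.uk", "192.0.2.10"),    # too soon
    (12,  "bob@example.com", "list@lug.org.uk", "192.0.2.10"),    # proper retry
    (13,  "bob@example.com", "list@lug.org.uk", "192.0.2.10"),    # whitelisted
    (14,  "bob@example.com", "list@lug.org.uk", "198.51.100.7"),  # new IP, new triple
    (600, "bob@example.com", "list@lug.org.uk", "198.51.100.7"),  # retry after 8 hours
]

if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(attempt, "->", verdict)
```

A sender that retries from a different IP each time, as in the last two sample rows, never completes a triple, which is the case to look for in your logs if legitimate mail keeps being deferred.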