 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Mar-2008 | Next-Thread | Next-Msg |
| Subject: | Re: mail flow architecture |
| Group: | Postfix-users |
| From: | Jorey Bump |
| Date: | 12 Mar 2008 |
> As I say, Our FIRTS need is:
> - some hints for using RBL "safely" (NO great chances of experiments in
> production box). Or any other way to limit the incoming mail traffic,
> but simple to implement because the server is old and busy ...
Consider Nolisting:
http://nolisting.org/
The page is detailed because it must be set up precisely, but the
concept is simple: Designate a single primary MX that is never
available. Designate your real MX host(s) at the next priority. This
will immediately block as much as half (or even more) of the zombie spam
aimed at your machine, without consuming any additional resources.
Legitimate mailers will retry delivery immediately, unlike traditional
greylisting, so there is little penalty. You don't have to configure
anything on your MTA, just set a DNS record and preferably use a
firewall to quickly reject with a TCP RESET on the blocked primary MX
IP. If you don't like the results, you can easily restore your previous
setup. However, you might find some instant relief if your server is
truly taxed.
If you're feeling adventurous, you can add Selective Unlisting to target
specific problematic networks, requiring them to try your MX hosts in order:
http://unlisting.org/selective.html
Don't apply Unlisting to all connections, or you will have problems with
some big ESPs like Gmail. It's handy to use selectively for networks
that aren't a critical source of mail.
| Prev-Msg | Prev-Thread | Postfix-users | Mar-2008 | Next-Thread | Next-Msg |