Need advice for setting up mail server

Valeri Galtsev galtsev at kicp.uchicago.edu
Wed Aug 10 14:31:58 UTC 2016


On Wed, August 10, 2016 2:07 am, Niklaas Baudet von Gersdorff wrote:
> Valeri Galtsev [2016-08-08 09:51 -0500] :
>
>> > In /usr/local/etc/spamd/spamd.conf I use two of the example
>> > lists:
>> >
>> >   all:\
>> >     :uatraps:nixspam:
>> >
>> >   # University of Alberta greytrap hits.
>> >   # Addresses stay in it for 24 hours from time they misbehave.
>> >   uatraps:\
>> >     :black:\
>> >     :msg="Your address %A has sent mail to a ualberta.ca spamtrap\n\
>> >     within the last 24 hours":\
>> >     :method=http:\
>> >     :file=www.openbsd.org/spamd/traplist.gz
>> >
>> >   # Nixspam recent sources list.
>> >   # Mirrored from http://www.heise.de/ix/nixspam
>> >   nixspam:\
>> >     :black:\
>> >     :msg="Your address %A is in the nixspam list\n\
>> >     See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
>> >     :method=http:\
>> >     :file=www.openbsd.org/spamd/nixspam.gz
> [...]
>> Quick question here. The alleged spam message was never accepted here,
>> instead "SMTP error is generated" telling one of the reasons above,
>> right?
>> In other words, this will not be a source of "backscatter" (as opposed
>> to accepting the message and then sending a non-delivery notification
>> to a sender whose address could have been forged).
>
> spamd.conf(5) says:
>
>   Each blacklist must include a message, specified in the msg
>   capability as a string.  If the msg string is enclosed in
>   double quotes, the characters in the quoted string are escaped
>   as specified in getcap(3) with the exception that a colon (:)
>   is allowed in the quoted string.  The resulting string is used
>   as the message.  Alternatively, if the msg string is not
>   specified in quotes, it is assumed to be a local filename from
>   which the message text may be read.
>
>   The message is configured in spamd(8) to be displayed in the
>   SMTP dialogue to any connections that match addresses in the
>   blacklist.  The sequence \" in the message will produce
>   a double quote in the output.  The sequence %% will produce
>   a single % in the output, and the sequence %A will be expanded
>   in the message by spamd(8) to display the connecting IP address
>   in the output.
>
> Since the message is "to be displayed in the SMTP dialogue",
> I also think that backscatter isn't possible. As you said the
> message won't be accepted.
>
> In addition spamd(8) does the following:
>
>   When a sending host talks to spamd, the reply will be
>   stuttered.  That is, the response will be sent back a character
>   at a time, slowly.  For blacklisted hosts, the entire dialogue
>   is stuttered.  For greylisted hosts, the default is to stutter
>   for the first 10 seconds of dialogue only.
>
> So chances are quite high that a blacklisted malicious host will
> give up at some point (before getting the error) anyway.
>
>     Niklaas

Thanks Niklaas! Both of your posts are very instructive.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
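
The msg expansion rules quoted from spamd.conf(5) above, as an added example that is not part of the original thread and is not spamd's own code. It expands the uatraps template and frames it as a multi-line SMTP reply, which is why the rejection reaches only the connecting host and no bounce is generated. Assumptions: the 450 reply code, the RFC 5321 multi-line framing, the \n escape handling, and the constructed peer address 192.0.2.25.

```python
"""Added example: expand a spamd.conf msg template into an in-session SMTP reply."""

# msg string of the uatraps list from the thread, with the config's
# backslash-newline continuation already joined (simplification).
UATRAPS_MSG = (r"Your address %A has sent mail to a ualberta.ca spamtrap\n"
               r"within the last 24 hours")


def expand_msg(template, peer_ip):
    """Apply the sequences described in spamd.conf(5):
    \\" -> double quote, %% -> single %, %A -> connecting IP address.
    \\n is treated as a newline, as the sample config relies on it."""
    out = []
    i = 0
    while i < len(template):
        pair = template[i:i + 2]
        if pair == "\\n":
            out.append("\n")
        elif pair == '\\"':
            out.append('"')
        elif pair == "%%":
            out.append("%")
        elif pair == "%A":
            out.append(peer_ip)
        else:
            out.append(template[i])
            i += 1
            continue
        i += 2
    return "".join(out)


def smtp_reply(text, code="450"):
    """Frame text as an SMTP multi-line reply: 'code-' on every line
    except the last, which uses 'code ' (RFC 5321 syntax).
    The default code 450 is an assumption of this example."""
    lines = text.split("\n")
    last = len(lines) - 1
    return [f"{code}{' ' if n == last else '-'}{line}"
            for n, line in enumerate(lines)]


if __name__ == "__main__":
    # 192.0.2.25 is a constructed address from the documentation range.
    for line in smtp_reply(expand_msg(UATRAPS_MSG, "192.0.2.25")):
        print(line)
```
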


More information about the freebsd-questions mailing list