[kwlug-disc] So, I took the plunge... Mail In A Box

Chamunks chamunks at gmail.com
Tue Feb 20 19:03:53 EST 2018


This is attempt number two to send this. The Google Inbox mail interface
isn't as mailing list friendly as Gmail.

Thank you very much Andrew, that's very insightful. I'll have to double
check what MAIB's defaults are. I know that they're way better defaults
than what ships via APT.

On Tue, Feb 20, 2018, 4:35 PM Bob B <bob at softscape.ca> wrote:

> I think you meant this to the list....
>
> > -----Original Message-----
> > From: Chamunks [mailto:chamunks at gmail.com]
> > Sent: Tuesday, February 20, 2018 3:34 PM
> > To: Bob B
> > Subject: Re: [kwlug-disc] So, I took the plunge... Mail In A Box
> >
> > Thank you very much Andrew, that's very insightful. I'll have to double
> > check what MAIB's defaults are. I know that they're way better defaults
> > than what ships via APT.
> >
> >
> > On Tue, Feb 20, 2018, 1:48 PM Bob B <bob at softscape.ca> wrote:
> >
> >
> >       Thanks for checking that. I must've mis-interpreted Teksavvy's
> >       position on that then, oh well.
> >
> >       BB
> >
> >
> >       > -----Original Message-----
> >       > From: kwlug-disc [mailto:kwlug-disc-bounces at kwlug.org] On Behalf Of Chamunks
> >       > Sent: Tuesday, February 20, 2018 1:11 PM
> >       > To: KWLUG discussion
> >       > Subject: Re: [kwlug-disc] So, I took the plunge... Mail In A Box
> >       >
> >       > @bob, I've managed to telnet into Google's servers with my home
> >       > connection using a Teksavvy PPPoE connection and static IP. I just
> >       > wish that the miab script would run on a Raspberry Pi; I'd run it
> >       > from home instead.
> >       >
> >       >
> >       > On Mon, Feb 19, 2018, 10:21 PM Andrew Kohlsmith (mailing lists account)
> >       > <aklists at mixdown.ca> wrote:
> >       >
> >       >
> >       >               On Feb 19, 2018, at 1:18 PM, doug moen <doug at moens.org> wrote:
> >       >               One of the things you need for an email server is a high
> >       >               quality IP address that won't be blacklisted by DNS black
> >       >               hole spam filtering. Most of my spam is rejected based on
> >       >               the IP address. So you need to own a static IP address, and
> >       >               establish a high reputation for it. That might be hard if
> >       >               the IP address lives in a bad neighbourhood, eg a
> >       >               residential IP block, or maybe even a cloud VPS block.
> >       >
> >       >
> >       >       I’ve run my own email server since 2001 (used to be qmail, but
> >       >       for the last decade at least it’s been postfix). I do a very
> >       >       light spam filtering, but am religious about keeping my IPs
> >       >       squeaky clean to avoid blacklists.
> >       >
> >       >       For almost that entire time I’ve been using colocated server
> >       >       space from Mark Steffen (local guy, hangs out on this list too)
> >       >       and in the most recent incarnation as colocated space with his
> >       >       Indieserve networks company.
> >       >
> >       >       The only time I’ve had issues with blacklists has been when I’ve
> >       >       messed something up. As far as “IP neighbourhoods” goes, Mark
> >       >       runs a pretty tight ship. I’m happy to recommend his network for
> >       >       your VPS or colocation needs.
> >       >
> >       >       Other things which go a long way to preventing your domain from
> >       >       getting blacklisted involve basic good netizen things:
> >       >       * have a reverse IP mapping set up correctly and matching your
> >       >         SMTP server banner
> >       >       * have correct (and tight) SPF DNS entries
> >       >
> >       >       As far as how I limit my own exposure to spam in postfix:
> >       >       Obvious things for smtpd_sender_restrictions:
> >       >       * tighten up relay_domains and relay_networks
> >       >       * use basic helo_checks as low-cost rejection
> >       >       * refuse_unknown_sender_domain
> >       >
> >       >       Less obvious things for smtpd_sender_restrictions:
> >       >       * reject_non_fqdn_sender
> >       >       * reject_invalid_hostname
> >       >
> >       >       and for smtpd_recipient_restrictions:
> >       >       * basic helo_checks
> >       >       * basic client_checks
> >       >       * reject_unauth_destination
> >       >       * reject_invalid_hostname
> >       >       * reject_non_fqdn_hostname
> >       >       * reject_non_fqdn_sender
> >       >       * reject_non_fqdn_recipient
> >       >       * reject_unknown_sender_domain
> >       >       * reject_unknown_recipient_domain
> >       >       * reject_rbl_client zen.spamhaus.org
> >       >       * reject_unauth_pipelining
> >       >
> >       >       As you can see, I’m only using one RBL. spamhaus is pretty
> >       >       reliable and they don’t have a hair-trigger anaphylactic
> >       >       reaction to an individual spam report from some random internet
> >       >       user like other lists.
> >       >
> >       >
> >       >       The basic helo_checks and sender/client checks just reject mail
> >       >       outright if the server contacting me claims to be mixdown.ca or
> >       >       localhost, or if they claim to be coming from an RFC1918 IP
> >       >       space.
> >       >
> >       >       Also recommended, but probably doesn’t do anything for spam, is
> >       >       to set up SSL/TLS and tighten up the acceptable ciphers/hashes.
> >       >       I did the same for my web server and that took a LOT of tweaking
> >       >       and testing to get the A+ ratings from the various online
> >       >       checkers. I’d also recommend obfuscating the SMTP software
> >       >       banner to help prevent people from targeting specific attacks
> >       >       against your software, should anything subtle show up before you
> >       >       read about it and fix it.
> >       >
> >       >       For email, mxtoolbox.com is pretty good. They’ll also do
> >       >       blacklist checks.
> >       >
> >       >       -A.
> >       >
> >       >
> >
> >
> >
>
>
>
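
The HELO checks Andrew describes in the quoted message (reject a client that claims to be mixdown.ca or localhost, or that announces an RFC 1918 address), modelled in Python as an added example; this is not code from the thread or from Postfix. The function name `check_helo`, the `my_networks` bypass for trusted local clients, the non-FQDN rule taken from his `reject_non_fqdn_hostname` entry, and the sample sessions are assumptions made for illustration.

```python
import ipaddress

# Names the post says no outside client may claim to be.
OWN_NAMES = {"mixdown.ca", "localhost"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _helo_ip(helo):
    """Return an IPv4Address if HELO is a bare or [bracketed] address literal."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None

def check_helo(helo, client_ip, my_networks=("127.0.0.0/8",)):
    """Return (action, reason) for a HELO/EHLO argument sent by client_ip."""
    client = ipaddress.ip_address(client_ip)
    # Assumption: trusted local clients are exempt, otherwise a local
    # application greeting with "localhost" would be rejected too.
    if any(client in ipaddress.ip_network(n) for n in my_networks):
        return ("OK", "trusted client")
    name = helo.strip().rstrip(".").lower()
    if name in OWN_NAMES:
        return ("REJECT", "client claims to be this server")
    addr = _helo_ip(helo)
    if addr is not None:
        if any(addr in net for net in RFC1918):
            return ("REJECT", "RFC 1918 address in HELO")
        return ("OK", "public address literal")
    if "." not in name:
        return ("REJECT", "HELO name is not fully qualified")
    return ("OK", "passed helo checks")

# Constructed sample sessions: (client IP, HELO argument).
SAMPLES = [
    ("203.0.113.5", "mixdown.ca"),
    ("203.0.113.5", "localhost"),
    ("198.51.100.7", "[192.168.1.10]"),
    ("198.51.100.7", "mail.example.org"),
    ("127.0.0.1", "localhost"),
    ("198.51.100.7", "WIN-PC"),
]

def run_samples():
    """Return the action for each constructed sample session, in order."""
    return [check_helo(helo, ip)[0] for ip, helo in SAMPLES]
```
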