From owner-freebsd-questions@freebsd.org Sat Mar 30 15:15:00 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4FA0C155480C for ; Sat, 30 Mar 2019 15:15:00 +0000 (UTC) (envelope-from kremels@kreme.com) Received: from mail.covisp.net (mail.covisp.net [65.121.55.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B5B2F8C0EC for ; Sat, 30 Mar 2019 15:14:59 +0000 (UTC) (envelope-from kremels@kreme.com) From: "@lbutlr" Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: Re: Why is Sendmail still around? Date: Sat, 30 Mar 2019 09:14:57 -0600 References: <4101a1092141b58e05ef7552278b15ff@kathe.in> <20190329121212.1f12fed7.freebsd@edvax.de> <20190329140110.3c7102ef876f3a1e58ea467b@sohara.org> <20190330034114.54ae2511.freebsd@edvax.de> <20190330145410.17cfd72d@gumby.homeunix.com> To: "James B. Byrne via freebsd-questions" In-Reply-To: <20190330145410.17cfd72d@gumby.homeunix.com> Message-Id: <6F74B111-CE53-4122-ACBE-1AB0311FE224@kreme.com> X-Mailer: Apple Mail (2.3445.104.8) X-Rspamd-Queue-Id: B5B2F8C0EC X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of kremels@kreme.com designates 65.121.55.42 as permitted sender) smtp.mailfrom=kremels@kreme.com X-Spamd-Result: default: False [2.66 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.13)[-0.131,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MISSING_MIME_VERSION(2.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[kreme.com]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-0.02)[asn: 209(-0.05), country: US(-0.07)]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[cached: mail.covisp.net]; NEURAL_SPAM_LONG(0.60)[0.603,0]; NEURAL_HAM_SHORT(-0.38)[-0.383,0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; RCVD_IN_DNSWL_LOW(-0.10)[42.55.121.65.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:209, ipnet:65.112.0.0/12, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Mar 2019 15:15:00 -0000 On 30 Mar 2019, at 08:54, RW via freebsd-questions = wrote: > On Sat, 30 Mar 2019 03:41:14 +0100 Polytropon wrote: >=20 >> On Fri, 29 Mar 2019 14:01:10 +0000, Steve O'Hara-Smith wrote: >=20 >>> I wouldn't attempt to run an outgoing mail server doing >>> direct MX lookup and delivery these days they anti-spam measures >>> are a nightmare. OTOH reliable delivery relays are not that common >>> either. =20 >>=20 >> Yes, it's not as easy anymore... You have to fight "we know better >> than you!" providers who consider every IP from a dynamic range >> a spammer, That is a fight you cannot ever win. > They pretty much have to. Most spam is caught by simple DNS based > tests which rely on assuming that no dynamic IP addresses sends direct > to MX. In particular most blocklists can't distinguish between a spam > source and a dynamic address, because an infected machine can cause=20 > hundreds of dynamic addresses to be listed. I consider every mail from a dynamic IP address to be a spammer. There = is *NO* reason for someone on a dynamic IP to be sending mail directly = to my mailserver, they need to use their provider's mailserver or some = mailserver that trusts them. I've been running a mail server since 1993, and one of the first things = I did when spam really started to become a problem was to try to block = dynamic pools (this was long before RBLs). In fact, the primary reason that I switched to postfix was for better = tools to match helo and rDNS names for the purpose of blocking spam = (which was nearly all from dynamic pools in the early days of spam). I still have 1500+ lines of checks, probably unneeded now, that look for = common dynamic pool tokens and reject them. --=20 Im finding's you'r mis'use of apostrophe's disturbing.