[RCU] Misconfigured Mailing List DNS
roundcube at ptld.com
roundcube at ptld.com
Sun Aug 15 20:42:57 CEST 2021
>> But im starting to get the idea that most administrators don't care
>> enough to fix these problems because this isn't the only
>> email-industry related mailing list with these issues. And yes it
>> matters as we ALL want to reduce spam in the world. Im not attacking
>> anyone's pride here, im just trying to be the squeaky wheel to make
>> the email world a better place.
> in the real world most spam comes with fine DKIM/SPF these days
Some spam does, in my experience not most. These are usually over night
spammers who setup a VPS and run as many emails as they can until it
gets burned and the host company shuts them down. They are short lived.
And again, in my experience, these over night operations do not put a
lot of effort into setting everything up correctly and i can filter 99%
of them by just checking client PTR/HELO for FCrDNS. Any serious
professional email service with established dedicated email servers
setup proper FCrDNS. I have yet to hear one argument for NOT doing so
other than "i can get away with being lazy because the RFC's say people
still have to accept my misconfigured system." That is the hill you want
to stand on?
> but i see 99.9% of all spam blocked here over many years
Not sure what that means, its vague.
> bullshit, the real solution would be that IPS's block outgoing
> connections to port 25 unless the customer requests a mailserver
Like most things in life, nothing is black and white and there is rarely
ONE solution, a silver bullet, to solve a complex issue. True having
proper FCrDNS is just one part of preventing spam it is not the end all
be all answer. Just like having all ISP's block port 25 would ALSO have
a part in preventing spam it is not the end all be all answer. It takes
a multi prong approach.
Now none of us on this mailing list can cause all ISP to block port 25.
But we can within our own worlds, do our part by having proper mail
server configurations including FCrDNS, DKIM, SPF, DMARC, etc. And i
don't need to have all ISP's block port 25 when we have access to IP
databases which tell us if and IP is registered to a residential ISP. I
can block all residential connections on port 25 myself without relying
on the ISP to do it.
> from none of my networks you can connect to any MX out there - so it's
> even not needed that the ISP does it - just block port 25 everywhere
> unless the machine is a submission server
Im not fully following what you are trying to say here. But i think you
are saying the same thing i just said above about we can block ISP
> and seperate inbound/outbound mails - your submission server don't
> need 25 open, that's what 587 is for
Not sure what you are going on about here either. No one ever said to
use port 25 for customer submission. Port 25 is for server to server
delivery. Port 25 is where SMTP clients *MUST* have valid FCrDNS. Port
25 is where the roundcube mailing list is delivering email with a FQDN
for their HELO that does not match the client delivering the mail as the
RFC's require when it say *MUST*.
> to believe FCrDNS would solve the spam problem is naive
I never said it would solve ALL spam, i said it is a part of the multi
prong approach to preventing spam. Or you believe since no one method is
the silver bullet to stopping all spam we should do none of them and
allow spam to thrive? Does spamassassin alone stop all spam? Does RBL's
alone stop all spam? Does blocking ISP port 25 alone stop all spam? You
get the point.
More information about the users