[RCU] Misconfigured Mailing List DNS

roundcube at ptld.com roundcube at ptld.com
Sun Aug 15 20:42:57 CEST 2021


>> But im starting to get the idea that most administrators don't care 
>> enough to fix these problems because this isn't the only 
>> email-industry related mailing list with these issues. And yes it 
>> matters as we ALL want to reduce spam in the world. Im not attacking 
>> anyone's pride here, im just trying to be the squeaky wheel to make 
>> the email world a better place.
> 
> in the real world most spam comes with fine DKIM/SPF these days

Some spam does, in my experience not most. These are usually over night 
spammers who setup a VPS and run as many emails as they can until it 
gets burned and the host company shuts them down. They are short lived. 
And again, in my experience, these over night operations do not put a 
lot of effort into setting everything up correctly and i can filter 99% 
of them by just checking client PTR/HELO for FCrDNS. Any serious 
professional email service with established dedicated email servers 
setup proper FCrDNS. I have yet to hear one argument for NOT doing so 
other than "i can get away with being lazy because the RFC's say people 
still have to accept my misconfigured system." That is the hill you want 
to stand on?


> but i see 99.9% of all spam blocked here over many years

Not sure what that means, its vague.


> bullshit, the real solution would be that IPS's block outgoing
> connections to port 25 unless the customer requests a mailserver

Like most things in life, nothing is black and white and there is rarely 
ONE solution, a silver bullet, to solve a complex issue. True having 
proper FCrDNS is just one part of preventing spam it is not the end all 
be all answer. Just like having all ISP's block port 25 would ALSO have 
a part in preventing spam it is not the end all be all answer. It takes 
a multi prong approach.

Now none of us on this mailing list can cause all ISP to block port 25. 
But we can within our own worlds, do our part by having proper mail 
server configurations including FCrDNS, DKIM, SPF, DMARC, etc. And i 
don't need to have all ISP's block port 25 when we have access to IP 
databases which tell us if and IP is registered to a residential ISP. I 
can block all residential connections on port 25 myself without relying 
on the ISP to do it.


> from none of my networks you can connect to any MX out there - so it's
> even not needed that the ISP does it - just block port 25 everywhere
> unless the machine is a submission server

Im not fully following what you are trying to say here. But i think you 
are saying the same thing i just said above about we can block ISP 
connections ourselves.


> and seperate inbound/outbound mails - your submission server don't
> need 25 open, that's what 587 is for

Not sure what you are going on about here either. No one ever said to 
use port 25 for customer submission. Port 25 is for server to server 
delivery. Port 25 is where SMTP clients *MUST* have valid FCrDNS. Port 
25 is where the roundcube mailing list is delivering email with a FQDN 
for their HELO that does not match the client delivering the mail as the 
RFC's require when it say *MUST*.


> to believe FCrDNS would solve the spam problem is naive

I never said it would solve ALL spam, i said it is a part of the multi 
prong approach to preventing spam. Or you believe since no one method is 
the silver bullet to stopping all spam we should do none of them and 
allow spam to thrive? Does spamassassin alone stop all spam? Does RBL's 
alone stop all spam? Does blocking ISP port 25 alone stop all spam? You 
get the point.


More information about the users mailing list