[TriLUG] Why the big boys block mail from dynamic IPs

[Ken Mink]

It's because of idiots like me.

A few weeks ago, I decided to use my server at home to host my own smtp
server. I was tired of mail spending hours and sometimes days going
between RR's mail servers. I went with Postfix and spent a fair amount
of time testing my configuration. I tested my server from a number of
the open relay test sites and it passed all of them.

This morning, I noticed that a message I had sent to another list had
not shown up. I logged in and did 'postqueue -p'. The screen just kept
scrolling and scrolling. There were 64k messages in my incoming queue. I
was baffled. Well, it turns out I had made a small config mistake and I
was open to relaying from .nc.rr.com. Some spam bot inside nc.rr.com had
found me and was pumping mail through.

I have fixed my mistake, but have also thrown up the shields(iptables)
while I rethink the mail server idea.

You can't test enough.

Ken
-- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030918/cc852f9b/attachment.pgp>