unwise filtering policy from cox.net
Rich Kulawiec
rsk at gsp.org
Wed Nov 21 15:04:24 UTC 2007
On Wed, Nov 21, 2007 at 06:51:42AM +0000, Paul Ferguson wrote:
> Sure, it's an "unfortunate limitation", but I hardly think it's
> an issue to hand-wave about and say "oh, well".
>
> Suggestions?
There are numerous techniques available for addressing this problem.
Which one(s) to use depends on the site's mail architecture, so I'm
not going to try to enumerate them all -- only to give a few examples.
Example 1: exempt abuse@ address from all anti-* processing; just deliver
it. All the MTA's I've worked with provide features to support this;
it's also sometimes necessary to make that exemption elsewhere (e.g.,
in programs called invoked as milters). Oh, and don't greylist it either.
Example 2: if using a multi-tier architecture (increasingly a good
idea, as it insulates internal traffic from the beating often inflicted
by external traffic) then re-route abuse@ mail to its own dedicated system
(using a mechanism like the sendmail virtual user table or equivalent).
Make that system something relatively impervious, and choose hardware
that can be replaced quickly at low cost. (My suggestion: OpenBSD
on a Sparc Ultra 2, and use mutt as the mail client. Keep a couple
of spares in the basement, they're dirt-cheap.)
---Rsk
More information about the NANOG
mailing list