Email Server and DNS
rsk at gsp.org
Sun Nov 3 17:08:59 UTC 2013
On Sun, Nov 03, 2013 at 12:39:25PM -0400, rwebb at ropeguru.com wrote:
> I am looking for some info on current practice for an email server
> and SMTP delivery. It has been a while since I have had to set up an
> email server and I have been tasked with setting up a small one for
> a friend. My question centers around the server sending outgoing
> email and the current practices requirements for other servers to
> accept email. Things like rDNS, SPF records, etc...

If you want to minimize your hassles: make sure you have matching
non-generic DNS/rDNS. ("non-generic" meaning something that looks
like a host that should be sending and receiving email. In other
words, mailgw.example.net looks real. ip-137-12-16-164.example.com
looks like a random host that's probably part of a botnet.)

Make sure that you HELO/EHLO as the same host -- unless there's
some good reason not to. There probably isn't.

SPF is worthless crap: don't bother. Use a real MTA, e.g., postfix
or sendmail or exim or courier. Consider adjusting the settings to
make them as conservative as you can while still leaving you with a
functional setup. (e.g., if your MTA supports connection rate throttling,
use it.) Read your logs. Use the Spamhaus DROP and EDROP lists, and
use them bidirectionally. If your MTA supports "greetpause" or similar
mechanisms, use it. Graylisting is still reasonably effective as well.
Don't use a quarantine, it's a horrible idea. (Ask RSA how that worked
out for them.) Make sure you don't backscatter. Make sure you don't
use SMTP "callouts", which are just as abusive as spam. Make sure you
have working "postmaster" and "abuse" addresses. Make sure your MTA
doesn't emit or respond to return-receipts. Read your logs (again).
More information about the NANOG
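
An added example, not part of the original post: a pre-flight check for the "matching non-generic DNS/rDNS" and "HELO/EHLO as the same host" advice above. The function names, the generic-name heuristic and the sample zone data are assumptions of this example; the sample data is constructed from documentation address ranges so the check runs offline.

```python
import re
import socket

# Heuristic (assumption of this example): pool-style keywords at a label or
# hyphen boundary, or a name that embeds all four octets of its own address.
GENERIC_WORDS = re.compile(r"(?:^|[-.])(?:dyn|dhcp|pool|dsl|cable|ppp)")

def looks_generic(hostname, ip):
    host = hostname.lower().rstrip(".")
    digits = {str(int(d)) for d in re.findall(r"\d+", host)}
    embeds_ip = all(octet in digits for octet in ip.split("."))
    return embeds_ip or bool(GENERIC_WORDS.search(host))

def system_ptr(ip):
    """PTR lookup via the system resolver; empty list when there is none."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_fwd(name):
    """Forward (A/AAAA) lookup via the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_sender(ip, helo, ptr=system_ptr, fwd=system_fwd):
    """Return a list of problems; an empty list means DNS, rDNS and HELO agree."""
    names = [n.lower().rstrip(".") for n in ptr(ip)]
    if not names:
        return ["no PTR record for " + ip]
    problems = []
    # Forward-confirmed rDNS: the PTR name must resolve back to the same IP.
    confirmed = [n for n in names if ip in fwd(n)]
    if not confirmed:
        problems.append("PTR %s does not resolve back to %s" % (names, ip))
    problems += ["rDNS name looks generic: " + n for n in names if looks_generic(n, ip)]
    if helo.lower().rstrip(".") not in confirmed:
        problems.append("HELO name %s is not the forward-confirmed rDNS name" % helo)
    return problems

# Constructed sample zone data, standing in for real DNS answers.
SAMPLE_PTR = {"192.0.2.25": ["mailgw.example.net"],
              "198.51.100.164": ["ip-198-51-100-164.example.com"],
              "203.0.113.7": ["mx.example.org"]}
SAMPLE_A = {"mailgw.example.net": ["192.0.2.25"],
            "ip-198-51-100-164.example.com": ["198.51.100.164"],
            "mx.example.org": ["203.0.113.99"]}  # forward/reverse mismatch

def sample_ptr(ip): return SAMPLE_PTR.get(ip, [])
def sample_fwd(name): return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mailgw.example.net"), ("203.0.113.7", "mx.example.org")]:
        print(ip, helo, check_sender(ip, helo, sample_ptr, sample_fwd) or "OK")
```

Called without the `ptr` and `fwd` arguments, `check_sender` queries the system resolver, so it can be pointed at the outbound address and HELO name of a real server before it starts sending.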