New user: Feature questions, SMTP delay HELO

irow
Posts: 20
Joined: 30 Sep 2015 01:53

New user: Feature questions, SMTP delay HELO

Post by irow »

I'm new to the EFA-Project, and I'm very impressed with the project so far. I am using the VMware image in front of a Kerio Connect mail server with good results. There are a few features that were available to me using Kerio's built-in spam filters that I have not yet been able to replicate in the EFA project. I'd like some advice from more experienced users on these topics.

First, is it possible to introduce an artificial delay to the SMTP greeting? Legitimate mail servers will typically wait at least 2 minutes before closing the connection, while spam engines may wait only a few seconds. This adjustment will eliminate a significant amount of spam, without causing any loss of legitimate email. The only minor drawback to this setting is that Internet email will take an additional 25 seconds to receive. I will also need to enable IP address exclusion so that internal users will not be affected by this setting.

Second, I'd like to block a message if the sender's mail domain was not found in DNS. This option should be enabled. It confirms that the sender's mail address exists as a valid domain. Any legitimate message should contain a valid sender address.

Finally, I read an earlier post regarding validating SPF before SQLGrey filters messages. Another possible feature would be to replace the SQLGrey reject with an SMTP delay so that messages aren't rejected at first, but rather delayed.

I appreciate any thoughts or advice on these topics.
zohman
Posts: 42
Joined: 12 Sep 2015 07:36

Re: New user: Feature questions, SMTP delay HELO

Post by zohman »

irow wrote: First, is it possible to introduce an artificial delay to the SMTP greeting? Legitimate mail servers will typically wait at least 2 minutes before closing the connection, while spam engines may wait only a few seconds. This adjustment will eliminate a significant amount of spam, without causing any loss of legitimate email. The only minor drawback to this setting is that Internet email will take an additional 25 seconds to receive. I will also need to enable IP address exclusion so that internal users will not be affected by this setting.

Second, I'd like to block a message if the sender's mail domain was not found in DNS. This option should be enabled. It confirms that the sender's mail address exists as a valid domain. Any legitimate message should contain a valid sender address.

Finally, I read an earlier post regarding validating SPF before SQLGrey filters messages. Another possible feature would be to replace the SQLGrey reject with an SMTP delay so that messages aren't rejected at first, but rather delayed.

I appreciate any thoughts or advice on these topics.

Welcome irow,

OK, for the first question about the delays, yes we know.. spambots mostly PRE-GREET the MTA and speak before they are allowed...
this is something that I hope will be implemented in the next EFA version, as we need the POSTSCREEN feature from postfix,
and EFA is using postfix 2.6.6 (CentOS 6.6 Repo) and POSTSCREEN was implemented in ver 2.8 and later.
there is also no drawback because POSTSCREEN uses a temporary whitelist for IPs that passed
the first greeting so they don't need to wait again for X time.

Second, I think it's active by default.. check in /etc/postfix/main.cf where:
smtpd_sender_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain ..
if you see reject_unknown_sender_domain, postfix will reject unknown domains; if not, add it.

Third, you read my post :),
I didn't quite understand, delay the message if it "FAIL" and not reject?
if SPF failed this is 99% fraud, virus, spambot, trojan etc.. the last 1% is misconfigured SPF syntax by the IT.

here is a scenario,
Microsoft for example is using restrictive SPF (-all signed).
I claim that I'm bill.gates@microsoft.com for example..
if this happens and it comes from an unknown source, you want this message to be delayed?
think again, :naughty:

Regards,
Zohman.
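
The greeting delay, temporary whitelist and internal IP exclusion discussed in the posts above, as an added example that is not part of the thread and is not EFA or Postfix code: a Python model of the server-side check. The function names, networks, timings, hostname and reply text are all constructed for illustration.

```python
import ipaddress
import select
import socket
import time

GREET_WAIT = 0.5        # seconds to hold back the banner (constructed demo value)
PASS_TTL = 3600         # seconds a passing client stays on the temporary whitelist
EXEMPT_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # constructed internal range

_passed = {}            # client IP -> expiry time of its whitelist entry


def is_exempt(ip, now=None):
    """True if the client skips the delay: internal network or unexpired pass."""
    now = time.time() if now is None else now
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in EXEMPT_NETS):
        return True
    return _passed.get(ip, 0) > now


def greet(conn, ip, wait=GREET_WAIT, banner=b"220 mx.example.test ESMTP\r\n"):
    """Delay the 220 banner; return 'EXEMPT', 'PASS', 'PREGREET' or 'HANGUP'."""
    if is_exempt(ip):
        conn.sendall(banner)
        return "EXEMPT"
    # SMTP is server-speaks-first: the socket should stay silent until the banner.
    readable, _, _ = select.select([conn], [], [], wait)
    if readable:
        if conn.recv(1, socket.MSG_PEEK):      # bytes arrived before the greeting
            conn.sendall(b"550 5.5.1 Protocol error\r\n")   # constructed reply text
            return "PREGREET"
        return "HANGUP"                        # client gave up during the wait
    conn.sendall(banner)
    _passed[ip] = time.time() + PASS_TTL       # no delay on the next connection
    return "PASS"
```

A client that waits for the banner pays the delay once per `PASS_TTL`; one that talks early or disconnects never reaches the whitelist.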
irow
Posts: 20
Joined: 30 Sep 2015 01:53

Re: New user: Feature questions, SMTP delay HELO

Post by irow »

Thanks for the information. I look forward to future releases of EFA. You are correct that reject_unknown_sender_domain is enabled by default.