On Sun, Nov 03, 2013 at 12:39:25PM -0400, rwebb@ropeguru.com wrote:
I am looking for some info on current practice for an email server and SMTP delivery. It has been a while since I have had to set up an email server and I have been tasked with setting up a small one for a friend. My question centers around the server sending outgoing email and the current practices requirements for other servers to accept email. Things like rDNS, SPF records, etc...
If you want to minimize your hassles: make sure you have matching non-generic DNS/rDNS. ("non-generic" meaning something that looks like a host that should be sending and receiving email. In other words, mailgw.example.net looks real. ip-137-12-16-164.example.com looks like a random host that's probably part of a botnet.)

Make sure that you HELO/EHLO as the same host -- unless there's some good reason not to. There probably isn't.

SPF is worthless crap: don't bother.

Use a real MTA, e.g., postfix or sendmail or exim or courier. Consider adjusting the settings to make them as conservative as you can while still leaving you with a functional setup. (e.g., if your MTA supports connection rate throttling, use it.)

Read your logs.

Use the Spamhaus DROP and EDROP lists, and use them bidirectionally.

If your MTA supports "greetpause" or similar mechanisms, use it. Graylisting is still reasonably effective as well.

Don't use a quarantine, it's a horrible idea. (Ask RSA how that worked out for them.)

Make sure you don't backscatter.

Make sure you don't use SMTP "callouts", which are just as abusive as spam.

Make sure you have working "postmaster" and "abuse" addresses.

Make sure your MTA doesn't emit or respond to return-receipts.

Read your logs (again).

---rsk
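
Added example, not part of the original message: a Python pre-flight check for the first two points in the reply above (matching, non-generic DNS/rDNS, and a HELO name that agrees with it). The function names, the generic-name heuristic and the sample DNS data are assumptions of this example; the two hostnames are the ones used in the reply.

```python
import re
import socket

# Heuristic chosen for this example: labels typical of auto-generated rDNS.
GENERIC_WORDS = re.compile(r"(^|[-.])(ip|dyn|dynamic|dhcp|pool|ppp|dsl|cable)\d*([-.]|$)", re.I)

def looks_generic(hostname, ip):
    """True if the name embeds the IPv4 octets or a generic-looking label."""
    octets = ip.split(".")
    digits = re.findall(r"\d+", hostname)
    if len(octets) == 4 and len(digits) >= 4 and all(o in digits for o in octets):
        return True
    return bool(GENERIC_WORDS.search(hostname))

def check_sender(ip, helo, ptr_lookup, a_lookup):
    """Return a list of problems; an empty list means DNS, rDNS and HELO agree."""
    ptr = ptr_lookup(ip)
    if not ptr:
        return [f"no PTR record for {ip}"]
    ptr = ptr.rstrip(".").lower()
    problems = []
    if ip not in (a_lookup(ptr) or ()):
        problems.append(f"{ptr} does not resolve back to {ip}")
    if looks_generic(ptr, ip):
        problems.append(f"{ptr} looks like a generic hostname")
    if helo.rstrip(".").lower() != ptr:
        problems.append(f"HELO name {helo} differs from rDNS name {ptr}")
    return problems

# Resolvers for a real host; both go through the system resolver.
def live_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_a(name):
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

# Constructed sample data so the example runs offline.
PTR = {"192.0.2.25": "mailgw.example.net.", "137.12.16.164": "ip-137-12-16-164.example.com."}
A = {"mailgw.example.net": {"192.0.2.25"}, "ip-137-12-16-164.example.com": {"137.12.16.164"}}

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mailgw.example.net"), ("137.12.16.164", "localhost")]:
        print(ip, check_sender(ip, helo, PTR.get, A.get) or "OK")
```

On a real mail host, pass `live_ptr` and `live_a` in place of the sample lookups, together with the server's public address and the name the MTA sends in HELO/EHLO.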