Question about: postfix/smtpd[ ]: connect from unknown[unknown]

classic Classic list List threaded Threaded
41 messages Options
123
J4K
Reply | Threaded
Open this post in threaded view
|

Question about: postfix/smtpd[ ]: connect from unknown[unknown]

J4K
Hi there,

    Quick question about this error I saw in the logs just now.    There
is a note about it on Ralf's  page  [
http://www.arschkrebs.de/postfix/postfix_unknown.shtml ], but I am
trying to work out if its a problem or not caused by my postfix
implementation.   The server really has no load. Its idle.  After the
connect from unknown [unknown], mail reception continued as usual.

One change was made to-day, and was the activation of dkim-filter for
before and after queue processing, although the dkim-filter has been
running fine for the past 5 hours.

I would like to know whether the problem is my end or its a client being
naughty.

Best wishes, S.

Feb  2 17:09:28 logout postfix/smtpd[1599]: connect from unknown[unknown]
Feb  2 17:09:28 logout postfix/smtpd[1599]: lost connection after
CONNECT from unknown[unknown]
Feb  2 17:09:28 logout postfix/smtpd[1599]: disconnect from unknown[unknown]
Feb  2 17:09:51 logout postfix/smtpd[1599]: warning: 190.51.205.122:
hostname 190-51-205-122.speedy.com.ar verification failed: No address
associated with hostname
Feb  2 17:09:51 logout postfix/smtpd[1599]: connect from
unknown[190.51.205.122]
Feb  2 17:09:51 logout postfix/smtpd[1599]: lost connection after
CONNECT from unknown[190.51.205.122]
Feb  2 17:09:51 logout postfix/smtpd[1599]: disconnect from
unknown[190.51.205.122]
Feb  2 17:09:52 logout postfix/smtpd[1599]: warning: 190.51.205.122:
hostname 190-51-205-122.speedy.com.ar verification failed: No address
associated with hostname
Feb  2 17:09:52 logout postfix/smtpd[1599]: connect from
unknown[190.51.205.122]
Feb  2 17:09:52 logout postfix/smtpd[1599]: lost connection after
CONNECT from unknown[190.51.205.122]
Feb  2 17:09:52 logout postfix/smtpd[1599]: disconnect from
unknown[190.51.205.122]
Feb  2 17:13:12 logout postfix/anvil[1555]: statistics: max connection
rate 2/60s for (smtp:190.51.205.122) at Feb  2 17:09:52
Feb  2 17:13:12 logout postfix/anvil[1555]: statistics: max connection
count 1 for (smtp:64.74.157.82) at Feb  2 17:04:50
Feb  2 17:13:12 logout postfix/anvil[1555]: statistics: max cache size 3
at Feb  2 17:09:51

Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Wietse Venema
J4K:
> Feb  2 17:09:28 logout postfix/smtpd[1599]: connect from unknown[unknown]
> Feb  2 17:09:28 logout postfix/smtpd[1599]: lost connection after
> CONNECT from unknown[unknown]

The client disconnected before Postfix could ask the KERNEL for
the client IP address. Either your server is too slow or the client
is too impatient.

> Feb  2 17:09:52 logout postfix/smtpd[1599]: connect from
> unknown[190.51.205.122]
> Feb  2 17:09:52 logout postfix/smtpd[1599]: lost connection after
> CONNECT from unknown[190.51.205.122]

The client disconnected before Postfix could send the SMTP server
greeting. Either your server is too slow or the client is too
impatient.

        Wietse
J4K
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

J4K
On 02/02/2011 05:23 PM, Wietse Venema wrote:
J4K:
Feb  2 17:09:28 logout postfix/smtpd[1599]: connect from unknown[unknown]
Feb  2 17:09:28 logout postfix/smtpd[1599]: lost connection after
CONNECT from unknown[unknown]
The client disconnected before Postfix could ask the KERNEL for
the client IP address. Either your server is too slow or the client
is too impatient.

Feb  2 17:09:52 logout postfix/smtpd[1599]: connect from
unknown[190.51.205.122]
Feb  2 17:09:52 logout postfix/smtpd[1599]: lost connection after
CONNECT from unknown[190.51.205.122]
The client disconnected before Postfix could send the SMTP server
greeting. Either your server is too slow or the client is too
impatient.

	Wietse
Thank-you Wietse. 

The smtpd has a 'sleep 3' at the start of it.   Might this have been the cause?  If so, then it served the purpose.

smtpd_recipient_restrictions = sleep 3, permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination, reject_non_fqdn_sender, reject_rbl_client hostkarma.junkemailfilter.com=127.0.0.2, reject_rbl_client zen.spamhaus.org

Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Victor Duchovni
On Wed, Feb 02, 2011 at 05:30:52PM +0100, J4K wrote:

> The smtpd has a 'sleep 3' at the start of it.   Might this have been the
> cause?  If so, then it served the purpose.
>
> smtpd_recipient_restrictions = sleep 3,
> permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,
> reject_non_fqdn_sender, reject_rbl_client
> hostkarma.junkemailfilter.com=127.0.0.2, reject_rbl_client zen.spamhaus.org

Unconditional "sleep <n>" applied even to servers that repeatedly pass
the test damages email infrastructure (by forcing legitimate servers
to expand substantially more resources, and delaying their email to
other destinations). Please don't do this. Consider upgrading to Postfix
2.8 and deploying postscreen(8) which remembers which servers pass the
test.

--
        Viktor.
J4K
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

J4K

On 02/02/2011 06:17 PM, Victor Duchovni wrote:

> On Wed, Feb 02, 2011 at 05:30:52PM +0100, J4K wrote:
>
>> The smtpd has a 'sleep 3' at the start of it.   Might this have been the
>> cause?  If so, then it served the purpose.
>>
>> smtpd_recipient_restrictions = sleep 3,
>> permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,
>> reject_non_fqdn_sender, reject_rbl_client
>> hostkarma.junkemailfilter.com=127.0.0.2, reject_rbl_client zen.spamhaus.org
> Unconditional "sleep <n>" applied even to servers that repeatedly pass
> the test damages email infrastructure (by forcing legitimate servers
> to expand substantially more resources, and delaying their email to
> other destinations). Please don't do this. Consider upgrading to Postfix
> 2.8 and deploying postscreen(8) which remembers which servers pass the
> test.
>
Valid point.  I have removed the sleep condition and shall see how much
extra spam is received.  I shall upgrade to 2.8  and postscreen when its
available as a Debian package.

Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Jeroen Geilman
On 2/2/11 7:23 PM, JKL wrote:

> On 02/02/2011 06:17 PM, Victor Duchovni wrote:
>> On Wed, Feb 02, 2011 at 05:30:52PM +0100, J4K wrote:
>>
>>> The smtpd has a 'sleep 3' at the start of it.   Might this have been the
>>> cause?  If so, then it served the purpose.
>>>
>>> smtpd_recipient_restrictions = sleep 3,
>>> permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,
>>> reject_non_fqdn_sender, reject_rbl_client
>>> hostkarma.junkemailfilter.com=127.0.0.2, reject_rbl_client zen.spamhaus.org
>> Unconditional "sleep<n>" applied even to servers that repeatedly pass
>> the test damages email infrastructure (by forcing legitimate servers
>> to expand substantially more resources, and delaying their email to
>> other destinations). Please don't do this. Consider upgrading to Postfix
>> 2.8 and deploying postscreen(8) which remembers which servers pass the
>> test.
>>
> Valid point.  I have removed the sleep condition and shall see how much
> extra spam is received.  I shall upgrade to 2.8  and postscreen when its
> available as a Debian package.

Debian won't have 2.8 in stable until at least 2013, although you may be
able to get it as a backport later this year:

http://packages.debian.org/search?keywords=postfix

They lag behind something awful.

--
J.

Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Stan Hoeppner
In reply to this post by J4K
JKL put forth on 2/2/2011 12:23 PM:

>
> On 02/02/2011 06:17 PM, Victor Duchovni wrote:
>> On Wed, Feb 02, 2011 at 05:30:52PM +0100, J4K wrote:
>>
>>> The smtpd has a 'sleep 3' at the start of it.   Might this have been the
>>> cause?  If so, then it served the purpose.
>>>
>>> smtpd_recipient_restrictions = sleep 3,
>>> permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,
>>> reject_non_fqdn_sender, reject_rbl_client
>>> hostkarma.junkemailfilter.com=127.0.0.2, reject_rbl_client zen.spamhaus.org
>> Unconditional "sleep <n>" applied even to servers that repeatedly pass
>> the test damages email infrastructure (by forcing legitimate servers
>> to expand substantially more resources, and delaying their email to
>> other destinations). Please don't do this. Consider upgrading to Postfix
>> 2.8 and deploying postscreen(8) which remembers which servers pass the
>> test.
>>
> Valid point.  I have removed the sleep condition and shall see how much
> extra spam is received.  I shall upgrade to 2.8  and postscreen when its
> available as a Debian package.

In the mean time, maybe give this a go.  1600+ expressions matching rDNS
patterns of many millions of broadband IPs worldwide that shouldn't be sending
direct SMTP.  Catches quite a bit that PBL/CBL/SORBS-DYNA/etc don't and with
less delay, reduced load on dnsbl servers and your own network.  Potential FPs
will be SOHO and "Linux weenie" MTAs on consumer IPs.  Usage instructions are
comments at the top of the file.  Insert the restriction above/before any
greylisting daemons in main.cf, obviously.  Some on this list and many on the
Dovecot list can testify to its effectiveness.

http://www.hardwarefreak.com/fqrdns.pcre

Of note, I also run Debian Lenny, and the backports Postfix 2.7.1, and have been
using exclusively Debian on my servers since ~2001.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Steve Jenkins-3
On Wed, Feb 2, 2011 at 2:33 PM, Stan Hoeppner <[hidden email]> wrote:

> In the mean time, maybe give this a go.  1600+ expressions matching rDNS
> patterns of many millions of broadband IPs worldwide that shouldn't be sending
> direct SMTP.  Catches quite a bit that PBL/CBL/SORBS-DYNA/etc don't and with
> less delay, reduced load on dnsbl servers and your own network.  Potential FPs
> will be SOHO and "Linux weenie" MTAs on consumer IPs.  Usage instructions are
> comments at the top of the file.  Insert the restriction above/before any
> greylisting daemons in main.cf, obviously.  Some on this list and many on the
> Dovecot list can testify to its effectiveness.
>
> http://www.hardwarefreak.com/fqrdns.pcre

I can attest to the awesomeness of Stan's pcre file. I run it on all 5
of our Postfix servers, and it catches a LOT of stuff. From my logs,
what it seems to do best is block zombie mailers on dynamic IPs.

And I updated to your latest version today, Stan. Thanks :)

SteveJ
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Stan Hoeppner
In reply to this post by Jeroen Geilman
Jeroen Geilman put forth on 2/2/2011 2:56 PM:

> Debian won't have 2.8 in stable until at least 2013, although you may be able to
> get it as a backport later this year:
>
> http://packages.debian.org/search?keywords=postfix
>
> They lag behind something awful.

You're smoke'n crack. ;)  2.7.1 was Wietse's latest stable when Debian froze the
testing code base in prep for the release, which should occur within a month or
so.  Historically Debian has suffered from many stale packages, no argument
there.  But now that the backports project is an official part of Debian, this
situation has become much better.  BTW, I'm running backport 2.7.1.  How is that
lagging behind WRT to a distro package?  Wietse just released 2.8 as stable a
few weeks ago.  Do you expect distro maintainers to have packages ready the next
day? ;)

CentOS 5.5, their latest, ships with Postfix 2.3.3, which hasn't been supported
by Wietse for quite some time.  A new install of CentOS 5.5 gives you an
officially unsupported Postfix, thought I'm sure CentOS will support it.

Now _that_ is "lagging behind something awful".

--
Stan
J4K
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

J4K
In reply to this post by Steve Jenkins-3
On 02/02/2011 11:54 PM, Steve Jenkins wrote:
On Wed, Feb 2, 2011 at 2:33 PM, Stan Hoeppner [hidden email] wrote:
In the mean time, maybe give this a go.  1600+ expressions matching rDNS
patterns of many millions of broadband IPs worldwide that shouldn't be sending
direct SMTP.  Catches quite a bit that PBL/CBL/SORBS-DYNA/etc don't and with
less delay, reduced load on dnsbl servers and your own network.  Potential FPs
will be SOHO and "Linux weenie" MTAs on consumer IPs.  Usage instructions are
comments at the top of the file.  Insert the restriction above/before any
greylisting daemons in main.cf, obviously.  Some on this list and many on the
Dovecot list can testify to its effectiveness.

http://www.hardwarefreak.com/fqrdns.pcre
I can attest to the awesomeness of Stan's pcre file. I run it on all 5
of our Postfix servers, and it catches a LOT of stuff. From my logs,
what it seems to do best is block zombie mailers on dynamic IPs.

And I updated to your latest version today, Stan. Thanks :)

SteveJ
Its a good idea, but this would limit a user from using a server on his residential ADSL from being an Email server, and force them to use their ISPs relay.  Else they might have to upgrade to a business package or spend more money for a static IP address that they can amend the reverse lookup record for.  Pros and cons.

Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Daniel Bromberg
On 2/3/2011 4:44 AM, J4K wrote:
[snip]
I can attest to the awesomeness of Stan's pcre file. I run it on all 5
of our Postfix servers, and it catches a LOT of stuff. From my logs,
what it seems to do best is block zombie mailers on dynamic IPs.

And I updated to your latest version today, Stan. Thanks :)

SteveJ
Its a good idea, but this would limit a user from using a server on his residential ADSL from being an Email server, and force them to use their ISPs relay.
Good.
  Else they might have to upgrade to a business package or spend more money for a static IP address
Even better.
that they can amend the reverse lookup record for. 
Yes, they should be at the level where they have the right to do this.
Pros and cons.
No.

J4K
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

J4K
On 02/03/2011 10:56 AM, Daniel Bromberg wrote:

> On 2/3/2011 4:44 AM, J4K wrote:
>> [snip]
>>> I can attest to the awesomeness of Stan's pcre file. I run it on all 5
>>> of our Postfix servers, and it catches a LOT of stuff. From my logs,
>>> what it seems to do best is block zombie mailers on dynamic IPs.
>>>
>>> And I updated to your latest version today, Stan. Thanks :)
>>>
>>> SteveJ
>> Its a good idea, but this would limit a user from using a server on
>> his residential ADSL from being an Email server, and force them to
>> use their ISPs relay.
> Good.
>>   Else they might have to upgrade to a business package or spend more
>> money for a static IP address
> Even better.
>> that they can amend the reverse lookup record for.  
> Yes, they should be at the level where they have the right to do this.
>> Pros and cons.
> No.
>

True.  Some of the matches don't reject, but prepend this header:
X-GenericStaticHELO
What is this header used for?


Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Postfix User-2
In reply to this post by Stan Hoeppner
On Wed, 02 Feb 2011 18:44:46 -0600
Stan Hoeppner <[hidden email]> articulated:

> Jeroen Geilman put forth on 2/2/2011 2:56 PM:
>
> > Debian won't have 2.8 in stable until at least 2013, although you
> > may be able to get it as a backport later this year:
> >
> > http://packages.debian.org/search?keywords=postfix
> >
> > They lag behind something awful.
>
> You're smoke'n crack. ;)  2.7.1 was Wietse's latest stable when
> Debian froze the testing code base in prep for the release, which
> should occur within a month or so.  Historically Debian has suffered
> from many stale packages, no argument there.  But now that the
> backports project is an official part of Debian, this situation has
> become much better.  BTW, I'm running backport 2.7.1.  How is that
> lagging behind WRT to a distro package?  Wietse just released 2.8 as
> stable a few weeks ago.  Do you expect distro maintainers to have
> packages ready the next day? ;)

FreeBSD had the 2.8 release in its ports system a few days after it was
officially released. The 2.9(beta) release will be released into the
ports system shortly. The original 2.8(beta) was available almost
from its inception. The speed with which a package is made available to
a system is directly proportionate to the amount of time and effort a
maintainer wished to invest.

> CentOS 5.5, their latest, ships with Postfix 2.3.3, which hasn't been
> supported by Wietse for quite some time.  A new install of CentOS 5.5
> gives you an officially unsupported Postfix, thought I'm sure CentOS
> will support it.
>
> Now _that_ is "lagging behind something awful".

CentOS's support for current software is an abomination. I wonder why
anyone takes it seriously.

--
Jerry ✌
[hidden email]
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

        1 + 1 = 3, for large values of 1.
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

John Peach-2
In reply to this post by J4K
On Thu, 03 Feb 2011 10:44:13 +0100
J4K <[hidden email]> wrote:

> On 02/02/2011 11:54 PM, Steve Jenkins wrote:
> > On Wed, Feb 2, 2011 at 2:33 PM, Stan Hoeppner <[hidden email]> wrote:
> >> In the mean time, maybe give this a go.  1600+ expressions matching rDNS
> >> patterns of many millions of broadband IPs worldwide that shouldn't be sending
> >> direct SMTP.  Catches quite a bit that PBL/CBL/SORBS-DYNA/etc don't and with
> >> less delay, reduced load on dnsbl servers and your own network.  Potential FPs
> >> will be SOHO and "Linux weenie" MTAs on consumer IPs.  Usage instructions are
> >> comments at the top of the file.  Insert the restriction above/before any
> >> greylisting daemons in main.cf, obviously.  Some on this list and many on the
> >> Dovecot list can testify to its effectiveness.
> >>
> >> http://www.hardwarefreak.com/fqrdns.pcre
> > I can attest to the awesomeness of Stan's pcre file. I run it on all 5
> > of our Postfix servers, and it catches a LOT of stuff. From my logs,
> > what it seems to do best is block zombie mailers on dynamic IPs.
> >
> > And I updated to your latest version today, Stan. Thanks :)
> >
> > SteveJ
> Its a good idea, but this would limit a user from using a server on his
> residential ADSL from being an Email server, and force them to use their
> ISPs relay.  Else they might have to upgrade to a business package or
> spend more money for a static IP address that they can amend the reverse
> lookup record for.  Pros and cons.
>

No cons that I can see.

Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Steve Jenkins-3
In reply to this post by J4K
On Thu, Feb 3, 2011 at 1:44 AM, J4K <[hidden email]> wrote:
> Its a good idea, but this would limit a user from using a server on his
> residential ADSL from being an Email server, and force them to use their
> ISPs relay.  Else they might have to upgrade to a business package or spend
> more money for a static IP address that they can amend the reverse lookup
> record for.  Pros and cons.

It's a GREAT idea. I don't want/need email from users with ADSL or
cable modem servers that refuse to use their ISP's relay. If enough of
us stand firm on our mail acceptance policies to the point where we
force SOHO and "Linux Weenies" to use their ISP's relay (which
shouldn't cost them any money), then SPAMmers would take a huge hit.

SteveJ
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Jeroen Geilman
In reply to this post by Stan Hoeppner
On 2/3/11 1:44 AM, Stan Hoeppner wrote:
> Jeroen Geilman put forth on 2/2/2011 2:56 PM:
>
>> Debian won't have 2.8 in stable until at least 2013, although you may be able to
>> get it as a backport later this year:
>>
>> http://packages.debian.org/search?keywords=postfix
>>
>> They lag behind something awful.
> You're smoke'n crack. ;)

That stuff is expensive!

>    2.7.1 was Wietse's latest stable when Debian froze the
> testing code base in prep for the release, which should occur within a month or
> so.  Historically Debian has suffered from many stale packages, no argument
> there.  But now that the backports project is an official part of Debian,

See, I did not know this.
Last I used Debian-pure (instead of Ubuntu), you had to mess with
unstable to get up-to-date packages.

> this
> situation has become much better.  BTW, I'm running backport 2.7.1.  How is that
> lagging behind WRT to a distro package?  Wietse just released 2.8 as stable a
> few weeks ago.  Do you expect distro maintainers to have packages ready the next
> day? ;)

I'm prepared to give them a week ;)

> CentOS 5.5, their latest, ships with Postfix 2.3.3, which hasn't been supported
> by Wietse for quite some time.  A new install of CentOS 5.5 gives you an
> officially unsupported Postfix, thought I'm sure CentOS will support it.
>
> Now _that_ is "lagging behind something awful".

Awfulness is had, somehow.


--
J.

Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Stan Hoeppner
In reply to this post by J4K
J4K put forth on 2/3/2011 3:44 AM:

> Its a good idea, but this would limit a user from using a server on his
> residential ADSL from being an Email server,

As the directions in the file itself state, fix situations like this with a
simple whitelist.  Given the number of hobbyist servers your MX will receive
mail from, the whitelist will be very small and easily manageable.

The ratio of hobbyist MTAs to spambots on a given residential subnet is going to
be something like 1:5,000 give or take.  The math speaks in favor of blocking
the spambots and whitelisting the hobby MTAs.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Stan Hoeppner
In reply to this post by J4K
J4K put forth on 2/3/2011 4:09 AM:

> True.  Some of the matches don't reject, but prepend this header:
> X-GenericStaticHELO
> What is this header used for?

This exists due to the grey area between "residential" and "business"
classification.  Some providers offer static IP service to small businesses over
cable/xDSL but don't offer custom rDNS.  We don't block on these rDNS patterns
outright because the probability is sufficiently high that the client MTA is
legit vs a spambot.

You, the OP, can use this header for scoring in a content filter such as SA.
Note that you can change this header string to whatever you choose.  You can
also change the PREPEND to REJECT if you so choose.  Modify the file/expressions
any way you see fit to meet your needs.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Stan Hoeppner
In reply to this post by Postfix User-2
Jerry put forth on 2/3/2011 5:19 AM:

> FreeBSD had the 2.8 release in its ports system a few days after it was
> officially released. The 2.9(beta) release will be released into the
> ports system shortly. The original 2.8(beta) was available almost
> from its inception. The speed with which a package is made available to
> a system is directly proportionate to the amount of time and effort a
> maintainer wished to invest.

Well, I think there's a bit more to it than that.  Some distros have various
policies in place that hinder rapid inclusion.  That said, if Sahil were
associated with the Debian project instead of or in addition to FreeBSD, we'd
probably see current Postfix backports in Debian more quickly. :)

>> CentOS 5.5, their latest, ships with Postfix 2.3.3, which hasn't been
>> supported by Wietse for quite some time.  A new install of CentOS 5.5
>> gives you an officially unsupported Postfix, thought I'm sure CentOS
>> will support it.
>>
>> Now _that_ is "lagging behind something awful".
>
> CentOS's support for current software is an abomination. I wonder why
> anyone takes it seriously.

I've pondered this myself, and the conclusion I come to is that they are
ignorant newbs who are enamored with the "free" version of Red Hat Enterprise
Linux.  They look at the price tag of RHEL and think they're getting something
good for nothing.  They just don't realize RHEL is not "good" and is years
behind current, and that CentOS is months to years behind RHEL.

I think I summed it up best when I stated CentOS uses an outdated distribution
as their upstream source.

--
Stan
Reply | Threaded
Open this post in threaded view
|

Re: Question about: postfix/smtpd[ ]: connect from unknown[unknown]

Stan Hoeppner
In reply to this post by Steve Jenkins-3
Steve Jenkins put forth on 2/3/2011 11:18 AM:

> On Thu, Feb 3, 2011 at 1:44 AM, J4K <[hidden email]> wrote:
>> Its a good idea, but this would limit a user from using a server on his
>> residential ADSL from being an Email server, and force them to use their
>> ISPs relay.  Else they might have to upgrade to a business package or spend
>> more money for a static IP address that they can amend the reverse lookup
>> record for.  Pros and cons.
>
> It's a GREAT idea. I don't want/need email from users with ADSL or
> cable modem servers that refuse to use their ISP's relay. If enough of
> us stand firm on our mail acceptance policies to the point where we
> force SOHO and "Linux Weenies" to use their ISP's relay (which
> shouldn't cost them any money), then SPAMmers would take a huge hit.

Unfortunately the situation isn't quite that simple.  Note the explanation I
gave for the header prepending.  There are ISPs who only offer xDSL to business
clients, with static IPs, but without custom rDNS, and they don't want these
business clients relaying through their MSAs.  Most are going to run their own
MX MTA anyway.  We don't want to be throwing these babies out with the bath
water, nor the hobbyists.  We're fighting spammers.

The battle that needs to be fought is getting all ISPs to implement TCP 25
outbound filtering across the board for residential lines, and only opening it
upon request.  Some already do this in the states, but relatively few.  That's
the better way to solve the spambot/zombie problem, not penalizing one or two
segments of ISP customers simply because they're on a "residential class"
broadband line.  If a hobbyist knows how to run an MTA properly, and wants to
send/receive directly, we should not discourage that.  And we shouldn't be
penalizing SOHOs doing the same.

Remember, we're fighting spam, not innocent bystanders who simply have the same
connectivity a bot infected PC sits behind.

--
Stan
123