Joe Junkin » Postfix http://joe.junkin.com Life as it happens Thu, 14 Jan 2010 23:34:22 +0000 http://wordpress.org/?v=2.8.5 en hourly 1 Postfix – rejects non-existing accounts http://joe.junkin.com/2006/11/28/postfix-rejects-non-existing-accounts/ http://joe.junkin.com/2006/11/28/postfix-rejects-non-existing-accounts/#comments Tue, 28 Nov 2006 23:34:41 +0000 jjunkin http://joe.junkin.com/?p=11 One of the biggest differences between Postfix and qmail is that Postfix comes out of the box (more readily) configured for anti-spam functionality. A big feature (for us) is that Postfix will immediately reject messages targeted at accounts that do not exist. It appears to immediately disconnect and short circuit the connection.

At a minimum, I would guess that this feature alone reduces the level of spam actually received by 95% or more. It’s incredible to watch the spammers connect with absurd account names and try to deliver a message. Spammer connections occur about 1 every few seconds. I understand that they will often try dictionary attacks, but the account names that are attempted to be delivered are almost always bizzare mispellings. My hunch is that the spammers are hoping our server will actually bounce the message back to the forged ‘To’ address (which it used to do).

At any rate Postfix handily rejects these messages quickly, short circuiting the spammers. This saves a lot of load on the mail server. It never receives the message, once it determines the message is targeted for a non-existant account it rejects the delivery attempt.

In qmail, this was a major pain in the ass and was poorly documented. There is a patch called ‘validrcptto’ but it was a pain to get operational. Everything in qmail is a patch and a pain.

]]> http://joe.junkin.com/2006/11/28/postfix-rejects-non-existing-accounts/feed/ 0 Goodbye to qmail http://joe.junkin.com/2006/11/11/goodbye-to-qmail/ http://joe.junkin.com/2006/11/11/goodbye-to-qmail/#comments Sat, 11 Nov 2006 23:31:59 +0000 admin http://joe.junkin.com/?p=9 We have been a qmail shop since 1997 and I for one am fed up with qmail. Good god it’s been stuck at 1.03 since I started using it and now has a myriad of patches. It can only be installed from source, and there are quite a few sources required. I had difficulty getting the patches I wanted to work. Support has always been poor and documentation weak (except for the excellent http://www.lifewithqmail.org/). When we began rebuilding our unix platform from the bottom up we decided to bail on our old friend qmail.

One interesting thing: In the last year or so we began to be targeted with massive amounts of spam being sent to nonexisitant accounts at all of our domains (we have about 10). My haunch is that the spammers were actually counting on the bounces that our server produced to send spam. I tried a few times to configure the validrcptto patch to stop this but was unable to get it to work. The amount of bounces went from almost zero to hundreds or thousands a day.

Good riddence to qmail!

]]> http://joe.junkin.com/2006/11/11/goodbye-to-qmail/feed/ 0