Monday, November 26, 2007

Friends Don't Let Friends Run Postfix

Postfix has become a popular MTA, replacing sendmail in many BSD and Linux distributions.

Don't DO IT. Stick with sendmail and save the net! Postfix has one MAJOR flaw: it handles undeliverable mail by using a delayed bounce.

When sendmail collects the address information, if it determines the mail is undeliverable, it refuses the mail right then and there. Postfix accepts it, queues it, and then attempts to bounce it back, except it does not send it back to the server it received it from. NO, it uses the From address and attempts to bounce it back to that address.

Enter the evil spammer. The evil spammer doesn't want to be shut down, so the evil spammer, all of whom should have their genitalia removed with 20 grit sandpaper to prevent propagation of their evil genes, forges the "From" address. This is trivial since the From address is supplied by user programs, so it can be anything they want it to be.

Spammers using other people's stolen resources don't really care how resource intensive their operation is. After all, they're stealing what they need from someone else; that's what makes it so profitable. Consequently, they'll often just try a gazillion addresses. They'll buy lists from other spammers that might have e-mail addresses from a decade ago in them. They'll blast out several hundred spams forged as being from someone else's domain.

Now, if it were only sendmail on the Internet, all of the bad addresses would simply be rejected. But nope, now the Internet is polluted with PostF*cked, and Postfix queues that crap mail, decides not to deliver it, and then bounces it back to the forged addresses contained in the message headers.
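The difference between refusing during the SMTP conversation and accepting then bouncing, as an added example that is not part of the original post: a small Python model of a receiving server under both policies, fed a constructed spam run with one forged sender. The `Server` class, the addresses and the domains are hypothetical; the model addresses each bounce to the envelope sender and gives it the null reverse-path `<>`.

```python
from dataclasses import dataclass, field

# Constructed sample data: addresses and domains are illustrative only.
VALID_RECIPIENTS = {"alice@mx.example", "bob@mx.example"}

@dataclass
class Server:
    reject_at_rcpt: bool                           # True: refuse unknown recipients in-session
    outbound: list = field(default_factory=list)   # mail this server generates itself
    delivered: list = field(default_factory=list)  # recipients that received the message

    def smtp_session(self, mail_from, rcpt_to):
        """Return the SMTP reply code the connecting client sees."""
        known = rcpt_to in VALID_RECIPIENTS
        if self.reject_at_rcpt and not known:
            # The failure stays with the connecting client; nothing is queued
            # and the forged sender address is never contacted.
            return 550
        if known:
            self.delivered.append(rcpt_to)
            return 250
        # Accepted first, found undeliverable later: a bounce is generated.
        # It goes to the (forged) envelope sender with the null reverse-path
        # "<>", and a message that itself arrived from "<>" is never bounced.
        if mail_from != "<>":
            self.outbound.append({"mail_from": "<>", "rcpt_to": mail_from})
        return 250

def run(reject_at_rcpt, envelopes):
    """Feed (mail_from, rcpt_to) pairs to a fresh server; return it and the reply codes."""
    srv = Server(reject_at_rcpt=reject_at_rcpt)
    codes = [srv.smtp_session(sender, rcpt) for sender, rcpt in envelopes]
    return srv, codes

# Constructed spam run: one forged sender, 98 dead recipients, 2 live ones.
FORGED = "victim@forged.example"
SPAM = [(FORGED, f"user{i}@mx.example") for i in range(98)] + [
    (FORGED, "alice@mx.example"), (FORGED, "bob@mx.example")]

def backscatter_count(reject_at_rcpt):
    """Number of bounces the server sends to the forged sender."""
    srv, _ = run(reject_at_rcpt, SPAM)
    return sum(1 for msg in srv.outbound if msg["rcpt_to"] == FORGED)

if __name__ == "__main__":
    print("reject at RCPT     ->", backscatter_count(True), "bounces to forged sender")
    print("accept then bounce ->", backscatter_count(False), "bounces to forged sender")
```

Under both policies the two live recipients get the message; only the accept-then-bounce policy turns the dead addresses into mail aimed at the forged sender.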

Now the lucky bastard whose domain was used in the forgeries, he gets 99 million bounces. Do I sound a little hostile? Well, yes, I am because I happen to host a domain that has been used by a bastard spammer from hell in China who has sent out hundreds of millions of spams to sell his damned fake Rolex watches and cigarettes, and that has generated so many bounces from these damned Postfix systems on the net that I receive about a T1's worth of bounces constantly.

Yes, if spammers didn't abuse the Internet, Postfix wouldn't be a problem, but the fact of the matter is that spam now makes up approximately 94% of the mail traversing the Internet and virtually 100% of it uses forged addresses.

So, don't do it! Don't put Postfix on your box if it's going to be Internet connected. If you do, expect your mail not to get delivered reliably, because many people who get flooded by improperly bounced crap from your server are just going to block it entirely.

Take the time to learn sendmail; Bryan Costales and Eric Allman wrote an excellent book on the subject. If you can't grok sendmail, consider outsourcing your mail service instead of running your own server. The net functions as a community; if you're going to connect your computer to it, please be a responsible Internet citizen.

1 Comment:

Blogger Vihai said...

Every sane postfix installation checks recipient existence/status during SMTP conversation, thus, all your conclusion is plainly WRONG.

September 26, 2008 1:09 AM  
