Re: mail server



Davide wrote:
I need to configure a brand new mail server for a customer who will use
it for mailing and distribution lists.

What are the rules (RFCs or web documents) to follow to build a strong
mail server without the risk of going into a spamming or black list?

I will use Solaris to do this.

Here are some rules that I know of:

(1) Pick an MTA that doesn't have security problems. If there are
security patches, apply them quickly.
(2) Configure the MTA not to be an open relay. This is the single
most important one.
(3) Pick an MTA that follows the RFCs. Luckily, that's really not
too hard; mostly only custom spam software breaks them.
(4) Make sure you have DNS properly set up. There are blacklists
that will add you if your PTR record doesn't point back to your
hostname, etc. This is because there is a positive correlation
between hosts with misconfigured DNS and hosts that send spam.
(5) Do virus checking of some type so that you aren't forwarding
viruses through your mail server. That means checking for
outbound (from your site to the rest of the world) and inbound
viruses, not just one direction.
(6) Don't send any spam! :-)
(7) Don't use a dynamic IP address. There are blacklists for that too.
(8) Don't put up any web forms that can be exploited to send spam
through your server. I'm talking about the "Tell a friend about
this page! Just enter an e-mail address and your message here!"
type. These can be used to cause your server to send spam, so
that boils down to #6.

You probably also want to filter spam that arrives at your mail
server. For that, SpamAssassin works well, but you can also use
a few other techniques like sendmail's greet-pause feature (or
a similar feature in another MTA) or greylisting.

- Logan
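
An added example, not part of the post above: a check for rule (4) that confirms the mail server's IP has a PTR record naming the host and, going one step beyond the post, that the hostname resolves forward to the same IP. The function names and the sample records are illustrative assumptions; the sample data is constructed from documentation addresses.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR name for ip from the system resolver ([] if none)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] if none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def check_mail_dns(ip, hostname, ptr=system_ptr, addrs=system_addrs):
    """Return a list of DNS problems for a mail host; [] means it passes."""
    want = ipaddress.ip_address(ip)
    problems = []
    names = [norm(n) for n in ptr(ip)]
    if not names:
        problems.append("no PTR record for " + ip)
    elif norm(hostname) not in names:
        problems.append("PTR for %s is %s, not %s" % (ip, ", ".join(names), hostname))
    forward = {ipaddress.ip_address(a.split("%")[0]) for a in addrs(hostname)}
    if want not in forward:
        problems.append("%s does not resolve to %s" % (hostname, ip))
    return problems

# Constructed sample data (documentation addresses); every name in this
# added example is illustrative and not taken from any MTA or library.
SAMPLE_PTR = {"192.0.2.25": ["mail.example.com."],
              "192.0.2.26": ["host26.dsl.example.net."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.25"], "lists.example.com": ["192.0.2.26"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_A.get(norm(name), [])

if __name__ == "__main__":
    for ip, host in [("192.0.2.25", "mail.example.com"),
                     ("192.0.2.26", "lists.example.com")]:
        print(ip, host, check_mail_dns(ip, host, sample_ptr, sample_addrs) or "OK")
```

Calling check_mail_dns(ip, hostname) without the last two arguments uses the system resolver, so it can be run from the mail host itself before the server goes live.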