Loading ...
Sorry, an error occurred while loading the content.

Re: Rejecting International Email

Expand Messages
  • Terry Carmen
    ... OK. I was trying to be brief, but you guys just won t let this drop. The customer, not me, selects which countries they wish to accept mail from. I
    Message 1 of 54 , May 1, 2008
    • 0 Attachment
      M. Fioretti wrote:
      > Exactly. From all Terry has said so far, it really sounds like:
      >
      > a) he continues to believe, or at least market to his client, the idea
      > that "only accepting connections from **systems** inside the
      > geographic area they service" is **equal** to "only accepting
      > connections from **REAL** customers or potential customers who LIVE
      > AND WORK "inside the geographic area they service""
      >

      OK. I was trying to be brief, but you guys just won't let this drop.

      The customer, not me, selects which countries they wish to accept mail
      from. I explained that the IP allocation lists were close, but not
      perfect and that they will need to whitelist and blacklist various CIDR
      blocks that are incorrectly allocated.

      And I gave them a configuration application to do it from.

      The countries that are blocked are by their choice, not mine and if
      they're unhappy with the results, it only takes a click of a button to
      turn it back on.
      > Final note to Terry: if your clients are happy, OK. Although you're
      > making them a disservice if you haven't clearly explained that the
      > assumption in point a) above, upon which you are building the service
      > you sell them, has very shaky basis in reality: *they* may still be
      > one of the exceptions, I'm not in a position to deny it or to care at
      > all, but they should be sure to be one of such exceptions.
      >
      I allow any IPs that have been manually whitelisted, which includes
      Yahoo, GMail and customers/vendors that use IPs that are inside blocked
      countries, blacklists, etc.
      check_client_access cidr:/etc/postfix/OK.cidr,

      I deny all IPs that have an RDNS that matches a number of Dynamic-IP
      regular expressions
      check_client_access regexp:/etc/postfix/spam_ip_regex,

      I deny all IPs except those for those that are geo-located inside areas
      they have allowed.
      check_client_access cidr:/etc/postfix/ok_countries.cidr,

      I deny any IPs that are found on several RBLs

      All denied connections get a reject message containing a toll-free phone
      number. A phone call will result in being whitelisted immediately.

      Mail that is accepted is scanned for spamminess and attachments. If it's
      very spammy or contains anything but text or images, it's held for
      manual inspection, then released or deleted.

      This is all completely in their control, and they get a number of
      reports every day showing which connections were blocked or allowed and
      why, what was passed or deleted, as well as the normal postfix queue and
      I/O stats, so if they're not happy with the results, all it takes is a
      click of a button.

      I did not sell a "magic box" that claims to "Eliminate Spam". I built a
      system that met their requirements to block mail that originated outside
      the areas they want to talk to, and gave them full control over it.

      > The _only_ thing which made unhappy "a few people on this list" (or
      > me, at least), is simply the idea to endorse, even by just being
      > silent, the assumption in point a) as a general criterion valid in
      > anything but very few, fery special situations.
      >
      >
      While rejecting mail via geographic IP matching and regular expressions
      is not perfect and may be "politically incorrect", it is quite
      effective. It's use is a *business decision* not a technology decision.

      The only thing that matters is that it complies with the RFCs and meets
      the customer's requirements.

      Terry
    • M. Fioretti
      ... OK, great. This wasn t clear, not to me at least, from your original assertion. Marco -- Your own civil rights and the quality of your life heavily depend
      Message 54 of 54 , May 1, 2008
      • 0 Attachment
        On Thu, May 01, 2008 09:37:48 AM -0400, Terry Carmen wrote:

        > The customer, not me, selects which countries they wish to accept mail
        > from. I explained that the IP allocation lists were close, but not perfect
        > and that they will need to whitelist and blacklist various CIDR blocks that
        > are incorrectly allocated.
        >
        > And I gave them a configuration application to do it from.

        OK, great. This wasn't clear, not to me at least, from your original assertion.

        Marco

        --
        Your own civil rights and the quality of your life heavily depend on how
        software is used *around* you: http://digifreedom.net/node/84
      Your message has been successfully submitted and would be delivered to recipients shortly.