The OpenBSD and FreeBSD graphs stop early because OpenBSD crashed when I forked more processes, and I couldn't find out how to increase FreeBSD's system limit on the number of processes (sysctl said the value was read-only).
If you can't figure out how to tune the OS, you sure as hell should not be benchmarking it. That line makes this whole "benchmark" worthless to me.
-sirket
Does this mean you can't set a default OS to load? You can't set a default timeout? Seems odd to me, and needs more explanation for that comment.
What the poster should have written, is that the bootloader does not _need_ to be manually configured. By editing /etc/loader.conf, you can specify default OS, boot loader timeouts, and anything else your heart desires.
As for the article, the author is clearly inexperienced. He used the deprecated kernel compile process instead of the current system.
Finally, at the end, there's the bit about 'ee' being better than 'vi', but no discussion about what 'ee' is or why it is better than a very standard editor that's on every Unix in the world.
ee stands for easy editor and it is exactly that. A very simple and straightforward editor for a novice sysadmin not unlike pico, although even easier. It is not modal. The author only meant it would be easier for a novice than jumping into vi and on that I agree. As a long-time vi person, however, I could never use ee. It drives me crazy.
At least it was enough for me to decide that FreeBSD isn't for me. I'm lazy, I admit it. I do certain things often enough that I want them to be simple. I prefer 'make xconfig' over manually editing a file to customize my kernel.
This is a silly thing to say. You have never experienced the beauty and simplicity that is the FreeBSD kernel compile. It takes far less time for me to edit the GENERIC kernel config file to my liking than it does to run through make menuconfig. And once I have the file, I never need to re-run make menuconfig. The config file is built and I just build updated kernels with it.
I really hope you do not make all your OS decisions based on the ramblings of an unknown author on the Internet. I have used Linux and FreeBSD extensively for years (as well as Solaris, HP/UX, IRIX, AIX, and SUN/OS when it was still around) and I can honestly say I believe sysadmin to be a LOT easier under FreeBSD. If you are lazy, then you are doing yourself a disservice by not giving FreeBSD a serious chance.
I prefer a one-step package management command to a multi-step one.
FreeBSD has a one-step, a menu-based, and a src based multi-step package install. All of these are tied into the same package system for easy management. You really should give FreeBSD a try before deciding you don't like it.
But for a desktop system, Linux seems to be the better choice for me.
Here I would likely agree simply because there are more AV apps available for Linux.
-sirket
The poster was not listing programs that he/she felt were not GNU licensed but rather that he/she knew to be GNU licensed.
The posters point was that out of the entire FreeBSD OS, these are the _only_ GNU programs in the system. Pretty impressive if you ask me.
-sirket
The most horribly broken, horribly insecure systems on the internet (besides small businesses running MS exchange) are those of some of the larger ISPs.
I appreciate the insight, but this just has not been my experience. When I run security checks (DNS, envelope checking, HELO, etc.) the only people who get killed are:
1. Spammers
2. Small businesses running Exchange
3. Cable modem Sendmail systems
If what you are saying is true, then I apologize but it just has not been my experience.
-sirket
You don't know how wrong you are.
Coming from an AC this means a lot.
-sirket
probably started off as a young and hopeful exchange admin during the dot.com boom...making $175,000 a year, adminning an exchange server or two.
Actually, Exchange and Linux dweebs on cable modems are the bane of my existence :)
dude, you are old. jaded. and tired.
This is very true.
you need to retire from slashdot.
Also very true.
i've not read a post from such a low slashdot id that has made me so disgusted.
Why thank you for noticing :)
you should just leave...before you post even more embarrassing (to yourself) comments.
When you post that with your own account, and not as an AC, perhaps I will take your advice.
The fact is, I admin far too many email servers and two types of servers are driving me buck-nutty. ANY Exchange server, and Sendmail boxes running on some random cable modem connection.
If you honestly were an email admin, you would be as sick and tired of dealing with these boxes as I am.
-sirket
The other poster seemed to be pretty clearly taking a different position... he paid more money for his bandwidth to get certain privileges. He didn't want someone who paid less than him to get those privileges. Just because he paid more than them, and not because they were abusing those privileges.
This isn't even remotely accurate. My problem is that people are running email servers but aren't doing so well. They don't pay anything significant for their connection, so they do not take the time and care to run them correctly. I am willing to bet that everyone running a mail server behind NAT is violating the RFCs. Maybe 5% of people actually have their server configured correctly.
In the end? It is a moot point. Dial-up and cable users are being shut out of email - whether you like it or not. Use your ISP's mail servers and stop bitching. Run your own inbound if you want, I really could care less about that.
-sirket
You're obviously some kid who likes playing with his CFLAGS and hasn't been using UNIX long in a proper setting, but sheesh... get out more.
Actually I prefer to use real Unix systems like Solaris. I have worked on: HP/UX, Solaris, SunOS, IRIX, AIX, BSD/OS, Open/Net/Free BSD and far too many Linux distributions. If you think RedHat is a well put together system, you need your head examined. To be honest, if you hadn't posted as an AC then perhaps someone would have cared what you think.
I also never suggested that RedHat, Debian or anyone else close up shop. I suggested that they start organizing their systems a little better. I don't for a second believe Gentoo is a technically superior distribution, just that they figured out how to organize things.
Honestly, sometimes I wish you Gentoo fanboy
I am hardly a Gentoo fanboy. I am a BSD user who thinks Gentoo is the closest any Linux distro has gotten to "getting it right."
-sirket
If you'd like to play with the big boys, and toss email, you'll need to play on the same turf.
Amen!
The other thing I am completely sick of is people running their own mail servers just because they can. That gets old real quick. I stopped running my own mail server when I realized just how much time and effort it required to do correctly.
Just because you run Linux and can, sort of, configure Sendmail, doesn't mean you need to run your own damned mail server.
The biggest threat to email isn't open relays or proxies. The biggest threat is every fucking ninny out there that just has to run their own mail server and then does so poorly. If I want to receive mail from most of these idiots, then my server has to be willing to accept email from completely broken servers. In the end, that means spammers get through where I should be able to block them.
The one thing I completely do not understand, is that this is only dealing with outbound email. If the people who are complaining had brain one in their heads, they would configure their server to use their ISP's mail servers as outbound relays anyway. Why? Because it is more secure, it reduces the load on your server, and you do not need to do DNS lookups. Why would you want to bother with all the crap involved in sending an email when you can let your ISP worry about it (You could still have a local SMTP server that simply forwards to your ISP's servers). Nowhere in this article did the subject of inbound email ever come up.
Those people who actually know anything about SMTP actually pay for rack space and/or a real Internet connection.
When you have read and completely understand RFC 821, 822, 2821, 2822, 1034, 1035, 1123, etc. then come talk to us. Until then, go back to your Kazaa.
Completely sick of SMTP,
-sirket
Secondly, there is a limit to how many resource records can be sent in a UDP packet and many important ISPs such as AOL, MSN, Yahoo, etc., have far too many.
If you exceed the limit for a UDP answer, then the server performs another request using TCP. Considering this information would be cached with reasonable TTLs, I do not see the problem.
-sirket
Where do you get off thinking that you have the same rights online as someone paying 3, 4, 5 or even 6 times as much as you?
I pay $250 a month for a 768 SDSL connection. The cost isn't just for the SDSL. Part of that cost is the routed connection, the SLA and the 32 IP addresses I have. Do you really think you should be able to run a mail server on your $40 a month cable modem connection? I certainly don't think so.
-sirket
Never heard of Gentoo?
Yes and it is the only Linux distribution worth using.
How about downloading the source and compiling it yourself?
That's a good point. There is nothing I like better than searching through my system for all the files and libraries a program installs so that I can remove it or upgrade it. Not to mention getting dependencies right. Yeah, I really don't know why we bother with packages at all. Hell, let's go back to Slackware!
Obviously there is no consideration of SRPMS?
First, F@*$! SRPMS. Second, the author was pointing out the problems with the number one Linux Distro. Are there some cool Linux admins/users? Sure. Most of the Linux world, however, is composed of children who simply hate Microsoft and wouldn't know what a good Unix system looked like if it hit them on the head. Like anything popular, Linux is currently suffering from posers, groupies and wannabes.
What about Portage?
As has already been conceded, Gentoo is a cool Linux distro.
-sirket
That is entirely correct and I do not know what I was thinking. Brain death was clearly a problem this morning.
-sirket
Wow, the folks who created ext2 and ext3 telling the BSD people that they do not know what a good file system is. It took me 10 minutes to stop laughing at this post.
-sirket
This is just plain wrong.
-RELEASE is a snapshot of the -STABLE tree at the time of a particular release. -RELEASE is not updated or otherwise kept current. -RELEASE is what you would install when a new version comes out (As boot floppies are only available for -RELEASE). The only reason for releases is to serve as markers within the -STABLE cycle. It allows people to talk about a particular set of features and code.
-STABLE is the stable branch of FreeBSD. It is a moving target and is constantly being updated to keep it secure and stable. Nothing gets introduced into -STABLE unless it has been tested thoroughly.
-CURRENT is just that. It is the bleeding edge.
If you run -RELEASE on your system, you may as well ask to get hacked. There are no updates to -RELEASE. When OpenSSH is patched, those changes are only available to people tracking -STABLE.
Unless you're doing development and if these are production servers, I suggest that you run -RELEASE on them.
Unless you are an idiot, I would suggest you actually track -STABLE and keep your boxes secure.
-sirket
This isn't a hole on OpenBSD. According to Theo this can only crash SSHD, not give access.
-sirket
the attachment approach is too simplistic. That will 5xx e-mail that is legitimate.
The day .pif is an acceptable attachment is the day I get out of computers. Why must everything be complicated? Blocking all pif's, scr's and so on will completely stop Sobig and requires almost no processing power. It also avoids all of the problems associated with dropping messages or generating bounces.
-sirket
Anyway, if qmail's configuration makes you want to shoot yourself... what does *Sendmail's* configuration do?
:)
It doesn't do anything to me... I refuse to use it
-sirket
djbdns strikes me as mildly braindamaged
"mildly braindamaged"?!?! djbdns is a case of full on dementia. qmail is equally brain damaged. The log files are downright useless (in my opinion) and the configuration makes me want to shoot myself.
Exim and Postfix are so superior to qmail in terms of manageability that it is embarrassing to qmail.
But then again these are just my opinions.
-sirket
After a postfix-users discussion
Had to be a postfix user making such a reasonable post :)
I actually run almost identical rejections to the ones that you mention. I reject all Windows executables with a message to send them inside a .zip if they need to send it. I also reject certain virus subject lines with a message to change the subject if it isn't the virus.
I run my mail servers on postfix but have not kept up with the mailing lists recently. Not surprising though to see such a similar response.
-sirket
If a virus is directly connecting to your SMTP server, no bounce will be generated by a 5XX response. This is the usual case with Sobig,
Thank you for pointing out the most important fact here (And of course the one I completely forgot to mention).
-sirket
1. SMTP is not a one-hop operation. Mail goes from client to server 1 to server 2 to (destination) server 3. If server 3 decides to reject, you've just moved the problem to server 2, who has already accepted the mail. You haven't solved anything.
I have pushed the problem back to the server that accepted the message in the first place. Why should I have to deal with it? If they accepted the email then either a) it is one of their customers or b) their server is completely misconfigured. Either way it is up to them to figure out what to do with the message not me.
Some actually scan for viruses or apply heuristics instead of rejecting anything with a scary attachment.
Actually we do full virus scanning... _After_ getting rid of the cruft. Unfortunately this is done through the sort of delayed scanning you mention. That is a shame too because it would be far less resource intensive to simply reject the message than to accept it, generate a bounce, and spend time trying to deliver it.
If the real sender can't be tracked down, then there is absolutely no better alternative than /dev/null.
But have you even attempted to "track down" the sender? If you generate a bounce, and it bounces, then yeah, it is a double bounce and should be dropped. But until that happens, you are supposed to try to return it. Unfortunately for now that means returning it to the wrong person.
Here is a better idea: Block outgoing port 25 and require the email sent from your server to have a From: address within the domains you manage? This really isn't unreasonable and is a much better idea than dropping messages. It would prevent bounces to another domain and allow the admins within that domain to track down the system(s) causing the problem.
Reverse MX would also help by preventing these systems from connecting to a mail server and claiming to have a message from another domain.
-sirket
Email is NOT a reliable form of communication.
I _completely_ agree. Now just convince the corporate world of that and we are set. Seriously though, the corporate world believes email to be reliable. Until that attitude changes, we are stuck with doing whatever it takes to ensure that a message gets through.
First of all, you have the Two Armies Problem. Two armies are on opposite sides of a common enemy. If they attack that common enemy on their own, they will lose, so they must attack at the same time. How do you send messages to each other with knowledge of receipt? You can't. If I send the "Go" and you send the "OK", how do you know that I got the "OK"? I send an ACK. How do I know you got the "ACK"? You send me another ACK... and so on.
TCP/IP seems to handle this just fine. This is why you have timeouts and sequence numbers and so on.
The second problem with Email is that a good number of routers that use the leaky bucket protocol will see that it's only port 25, not something important like port 21, and drop the packet.
But don't you see? That is ok! The server that has accepted responsibility for the message will be unable to deliver it (it will not get the 250 it needs) and it will generate a bounce. People will know the email did not get through. The problem is when people take responsibility for a message (with a 250) and _then_ drop it. That is just not acceptable.
-sirket
In fact, returning a 5XX is a bounce. It's not blocking them from sending it. You have still received the data, and nothing is going to undo that.
No it is not a bounce. It is a rejection of the email by my server. By returning a 5xx error, I have refused to accept responsibility for the message. If I were to actually accept the message (250) then I would be responsible for either delivering it or generating a bounce.
When I return a 5xx error I have told the server on the other side of the connection that they either have to find another way to deliver the message or they need to generate a bounce.
I never said that this would prevent me from receiving the data, just that I refuse to accept it. If you do not understand the difference then perhaps you should read the RFCs a little more carefully. (That is not intended as a flame, just meant to clarify a misunderstanding.)
-sirket
Actually I get a ton of email, a lot of which is spam or a virus (or a virus bounce). I have actually stopped all of these messages from getting through by blocking SMTP connections that fail to follow the protocols. Postfix does this quite happily and prevents 95% of spam and all of the current virus/trojans from getting through.
-sirket
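As an added example, not code from this thread or from Postfix: a toy SMTP receiver in Python that applies the policies argued for in the posts above (require a fully qualified HELO and sender domain, reject .pif/.scr-style attachments at DATA time with a 5xx) and records the one moment the receiver takes responsibility for a message, the 250 that answers DATA. All hostnames, addresses and messages are constructed, and the blocked-extension list beyond .pif and .scr is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# .pif and .scr are the types named in the thread; the rest are assumed additions.
BLOCKED_EXT = ("pif", "scr", "exe", "bat", "com", "vbs")

# Matches a MIME header line such as  Content-Type: ...; name="details.pif"
ATTACHMENT_RE = re.compile(
    r'^\s*Content-(?:Disposition|Type):[^\r\n]*?\b(?:file)?name\s*=\s*"?[^";\r\n]*\.('
    + "|".join(BLOCKED_EXT) + r')"?\s*(?:;|$)',
    re.IGNORECASE | re.MULTILINE,
)
# "Fully qualified" here just means plain hostname characters with at least one dot.
FQDN_RE = re.compile(r"^(?!-)[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)


@dataclass
class Session:
    """State of one inbound SMTP connection on the simulated receiving MTA."""
    helo: Optional[str] = None
    sender: Optional[str] = None
    rcpts: List[str] = field(default_factory=list)
    accepted: bool = False              # True only after the 250 that answers DATA
    transcript: List[str] = field(default_factory=list)

    def _reply(self, code: int, text: str) -> int:
        self.transcript.append(f"S: {code} {text}")
        return code

    def command(self, line: str, body: str = "") -> int:
        """Handle one client command and return the reply code (body is used by DATA only)."""
        self.transcript.append(f"C: {line}")
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":
            return self._reply(221, "Bye")
        if verb in ("HELO", "EHLO"):
            if not FQDN_RE.match(arg):
                return self._reply(501, "Helo command rejected: need fully-qualified hostname")
            self.helo = arg
            return self._reply(250, "mx.example.net")            # assumed receiver name
        if self.helo is None:
            return self._reply(503, "Error: send HELO/EHLO first")
        if verb == "MAIL":
            addr = arg.split(":", 1)[-1].strip().strip("<>")
            if addr and not FQDN_RE.match(addr.rpartition("@")[2]):
                return self._reply(504, f"<{addr}>: Sender address rejected: need fully-qualified address")
            self.sender = addr          # "" is the null sender that bounces use; it must be accepted
            return self._reply(250, "Ok")
        if verb == "RCPT":
            if self.sender is None:
                return self._reply(503, "Error: need MAIL command")
            self.rcpts.append(arg.split(":", 1)[-1].strip().strip("<>"))
            return self._reply(250, "Ok")
        if verb == "DATA":
            if not self.rcpts:
                return self._reply(554, "Error: no valid recipients")
            m = ATTACHMENT_RE.search(body)
            if m:
                # 5xx at DATA: we never took the message, so we owe nobody a bounce.
                return self._reply(554, f".{m.group(1).lower()} attachments not allowed; send it inside a .zip")
            self.accepted = True        # from here on it is our job to deliver or to bounce
            return self._reply(250, "Ok: queued")
        return self._reply(502, "Error: command not implemented")


def deliver(helo: str, sender: str, rcpt: str, body: str):
    """Play a whole client dialog against a fresh Session; return (final code, session)."""
    s = Session()
    code = 0
    for cmd in (f"HELO {helo}", f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>"):
        code = s.command(cmd)
        if code >= 400:                 # a real client would stop at the first permanent error
            break
    else:
        code = s.command("DATA", body)
    s.command("QUIT")
    return code, s


# Constructed sample messages (not real traffic).
CLEAN_MSG = "From: alice@example.org\r\nSubject: hello\r\n\r\nJust text.\r\n"
PIF_MSG = (
    'From: alice@example.org\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    '--b1\r\nContent-Type: application/octet-stream; name="details.pif"\r\n'
    'Content-Disposition: attachment; filename="details.pif"\r\n\r\nMZ...\r\n--b1--\r\n'
)

if __name__ == "__main__":
    for helo, sender, body in (("mx.example.org", "alice@example.org", CLEAN_MSG),
                               ("relay.example.org", "alice@example.org", PIF_MSG),
                               ("mypc", "victim@example.org", CLEAN_MSG)):
        code, s = deliver(helo, sender, "bob@example.net", body)
        print("\n".join(s.transcript))
        print(f"-> final {code}; receiver accepted responsibility: {s.accepted}\n")
```

The three runs show the distinction the posts draw: the clean message gets a 250 and is now ours to deliver or bounce; the .pif message gets a 554, so the relay that already accepted it from its own client is the one that must bounce; the bare-hostname HELO is refused at 501, and when the connecting client is the virus engine itself nobody generates a bounce at all.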