Need to offer SMTP relay, how to stop spammers / being blacklisted

tweakstur Member
edited October 2012 in Help

I have a few clients in need of an SMTP relay as their ISP does not provide one. These clients are in the hospitality business and will be offering this SMTP relay to their guests. Now as this will be used by the public, I can't guarantee that their computers won't be compromised by a virus/trojan/worm.

I'm looking at setting up Exim on an LEB with one IP address and using iptables to only allow traffic over port 25 from a few whitelisted IP addresses.

How can I protect my server from spammers and avoid being blacklisted? Is it just a matter of limiting the rate of emails per hour?

Comments

  • jhjh Member

    Something like this maybe? http://www.jcdigita.com/eximconfig/

    Thanked by 1tweakstur
  • Postgrey http://postgrey.schweikert.ch/ blocks a ton of spam. I don't know about using it with exim, I use postfix. rDNS checks block a ton of spam. I also use zen.spamhaus.org and dnsbl-1.uceprotect.net RBLs.

    Thanked by 1tweakstur
  • I'd like to keep this at distance from my company, would it be worthwhile to register a generic domain for rDNS purposes?

    Will read up on both options, thanks for the info.

  • How many people are even showing up at this place unable to send out email? How about just advising them to tell the end users to check with support for their own email/internet provider to find out the appropriate settings for sending mail.

  • Guests?

    Run it on the internal network?

  • sleddog Member
    edited October 2012

    @tweakstur said: I have a few clients in need of an SMTP relay as their ISP does not provide one. These clients are in the hospitality business and will be offering this SMTP relay to their guests.

    If I understand correctly, you're saying that the hospitality business(es) use ISP(s) that don't offer SMTP service?

    Do these hospitality businesses have static or dynamic IPs?

    For something like this, Postfix is a more robust SMTP server than Exim. Add the businesses' static IPs to 'mynetworks' to get mail delivery working. Then look at 'smtpd_sender_restrictions' to limit spam. There are various rules you can implement there, including header and body checks. If that isn't enough you can pipe mail out to another application for spam-checking.

    @tweakstur said: I'd like to keep this at distance from my company, would it be worthwhile to register a generic domain for rDNS purposes?

    Absolutely, that's what I'd do. Register a generic domain and set your mail service up on smtp.genericdomain.com. Set that name in Postfix. Configure SPF and set up DKIM if you want to have any hope of delivering to Hotmail, Yahoo, etc.

    And put your smtp service on a LEB outside of your own IP space. Monitor it closely for outgoing mail. The only spam-sending should be guests at the hospitality businesses. Do people send spam while on holiday? :) If it becomes an issue kill the service and rethink it....

    Thanked by 1tweakstur
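
sleddog's advice above to monitor the relay closely for outgoing mail, sketched as an added example that is not part of the thread: it totals recipients per relaying client IP per hour from a Postfix mail log. The log lines are constructed, and the default `postfix/` syslog name, traditional syslog timestamps and the limit of 100 recipients per hour are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Oct 12 10:01:07 relay postfix/smtpd[2101]: 3A1F5C0012: client=unknown[203.0.113.10]
Oct 12 10:01:07 relay postfix/qmgr[900]: 3A1F5C0012: from=<guest@example.com>, size=2210, nrcpt=2 (queue active)
Oct 12 10:05:40 relay postfix/smtpd[2107]: 7B22E90034: client=unknown[198.51.100.7]
Oct 12 10:05:41 relay postfix/qmgr[900]: 7B22E90034: from=<x@example.net>, size=1840, nrcpt=60 (queue active)
Oct 12 10:09:12 relay postfix/smtpd[2107]: 9C4D010056: client=unknown[198.51.100.7]
Oct 12 10:09:12 relay postfix/qmgr[900]: 9C4D010056: from=<y@example.net>, size=1843, nrcpt=55 (queue active)
Oct 12 10:39:12 relay postfix/qmgr[900]: 9C4D010056: from=<y@example.net>, size=1843, nrcpt=55 (queue active)
Oct 12 11:02:30 relay postfix/smtpd[2140]: B07A120078: client=unknown[198.51.100.7]
Oct 12 11:02:30 relay postfix/qmgr[900]: B07A120078: from=<z@example.net>, size=900, nrcpt=3 (queue active)
"""

# smtpd logs "QUEUEID: client=host[ip]" when it accepts a message.
CLIENT_RE = re.compile(r"^(\w{3}\s+\d+ \d{2}):\d{2}:\d{2} \S+ postfix/smtpd\[\d+\]: "
                       r"([0-9A-Za-z]+): client=[^\[]*\[([^\]]+)\]")
# qmgr logs the recipient count when the message enters the active queue.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): "
                     r"from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def recipients_per_client_hour(log_text):
    """Return {(client_ip, 'Mon DD HH'): total recipients accepted}."""
    origin = {}                  # queue id -> (client ip, hour bucket)
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            hour, qid, ip = m.groups()
            origin[qid] = (ip, hour)
            continue
        m = QMGR_RE.search(line)
        if m and m.group(1) in origin:
            # pop: qmgr repeats this line on every retry of a deferred
            # message, which must not be counted as new mail.
            totals[origin.pop(m.group(1))] += int(m.group(2))
    return dict(totals)

def noisy_clients(log_text, max_rcpt_per_hour=100):
    """Client/hour pairs whose recipient total exceeds the limit."""
    totals = recipients_per_client_hour(log_text)
    return sorted(k for k, n in totals.items() if n > max_rcpt_per_hour)

if __name__ == "__main__":
    for ip, hour in noisy_clients(SAMPLE_LOG):
        print(f"{ip} exceeded the recipient limit during {hour}:00")
```

Counting recipients rather than messages catches a compromised guest machine that sends a few messages with long recipient lists.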
  • @tweakstur said: Now as this will be used by the public, I can't guarantee that their computers won't be compromised by a virus/trojan/worm.

    That kinda kills it right there. If you're unable to ascertain that you will be able to offer a service without potentially causing issues for innocent people, you should not offer the service.

    That being said, what about a transactional system like Mandrill or Sendgrid? Mandrill has an SMTP interface, in which the API key that is generated is the password. It even shows you emails-sent-by-API-key. Take a look at the logs, and see that a specific API key is sending out a lot of spam? Delete the API key from your account, mail stops getting sent.

    Thanked by 1tweakstur
  • +1 Mandrill

    I would consider creating an account just for that client, so if there is a lot of spam it goes against them, not you.

  • @sleddog said: For something like this, Postfix is a more robust SMTP server than Exim. Add the businesses' static IPs to 'mynetworks' to get mail delivery working.

    +1 on this, it works great for specifying which hosts/subnets are allowed to relay through the postfix server

  • @Damian @connercg I've never read up on Mandrill until now. It does look very appealing for a few web apps that I'm working on but I'm trying to avoid third party providers on this one.

    @sleddog This seems like the path to take. Do you know if there are any "commonly used/community updated" rule sets for the header and body checks?
