After playing around with my electronic mail server I have decided to only accept outgoing mail from authenticated clients via the Submission ( 587 ) and SMTPS ( 465 ) ports on all servers under my control, during the past few days I noticed that server load and spam are way down; since I can now be more strict with client name and HELO/EHLO checks on all connections via the standard SMTP (25) port, something I could not do before.
Authenticated client messages can bypass strict SPAM checks but do get checked for virus infection and are signed with the server’s DomainKey on their way out.
Blocking port 25 doesn’t sound like such a bad idea to me now because 95% of spam attempts on my servers seem to be from windows zombies. After I implemented the new checks I just get a handful of spam from a few hijacked servers and open relays. SpamAssassin gets most of them in the first try.
I am quite happy with the results so far. :-)
Recent Comments