Anyone using zen.spamhaus.org?

Fri Sep 8 14:48:17 IST 2006

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Jim Holland
> Sent: Friday, September 08, 2006 2:59 AM
> To: MailScanner discussion
> Subject: Re: Anyone using zen.spamhaus.org?
> 
> On Thu, 7 Sep 2006, Chris Sweeney wrote:
> 
> > Thats funny I have never had that problem.
> >
> > Res wrote:
> > > On Thu, 7 Sep 2006, Jim Holland wrote:
> > >
> > >> I haven't noticed hotmail doing that, but other large ISPs such as
> > >> Yahoo,
> > >> Gmail, MessageLabs etc seem to make only a single delivery attempt
> > >> and if
> > >> that tempfails they still return the mail to sender and don't try the
> > >> secondary.  Very annoying!
> > >
> > > Hmmm I've never checked gmail, dont have/need an account there,
> > > thanks for the heads up
> 
> I had a specific problem with the above three ISPs because they all ignore
> the SIZE extension during the SMTP transaction.  Our system has very
> little bandwidth - 64K for our 2,500 users.  So we need to be very
> efficient, and set a 1.5 MB size limit on incoming mail.  However these
> three systems will happily attempt to deliver us messages of 10 MB or
> more.  Because they don't announce the size at the beginning, we can't
> tell them the message is too large until they have sent the full message.
> Which is a huge waste of bandwidth.
> 
> So I thought I would be clever and give them a 451 error when their
> servers connected, so they would always be forced to use our secondary MX
> which has far more bandwidth than we do.  I do that frequently when being
> mailbombed by a system sending genuine mail (eg huge mailing lists) - they
> then send the mail to the secondary from which I can collect it during
> off-peak periods. However when I checked over the day that I tried to
> implement this with Gmail, Yahoo and MessageLabs, there was no indication
> that the mail we had tempfailed here from these three systems was being
> resent to our secondary MX.  I quickly stopped doing it - and am still
> left with the problem of how to block their annoying large messages.
> 
> Perhaps I have drawn too broad a conclusion about these ISPs from this
> experience?  Perhaps an explicit 451 generated by us causes them to
> respond differently than if they got a different kind of temporary failure
> such as a timeout.  However if I am correct I would expect that
> greylisting would not work with these systems for the same reason.
> 
> Regards
> 
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
> 

With sendmail or the latest postfix, this might help

milter-length http://www.snertsoft.com/sendmail/milter-length/ 

>From the site:
"This is a Sendmail utility milter that imposes message size limits by IP
address, domain name, or sender address on a message body length, excluding
the message headers. Sendmail's MaxMessageSize option only allows for a
single global server wide message size limit, which is insufficient for some
sites that would prefer finer granularity in the application of message size
limits. This is particularly useful for mail hosts that manage several
domains and/or a large number of users, such as an ISP."

I don't know at what point the connection is broken if the message is too
large but I would hope that It happens as soon as the message size limit is
reached during the transmission. This milter is a free source download so if
you can read the code it you could find out - or contact the author.

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com