Understanding email server connection checks
Posted by ~Ray @ 2007-11-22 07:54:31
One of the reasons I'm fanatical about as a hosting partner is that if you're unsure about something you know you're able to ask an expert and get a top-notch response to your quandary.
I was recently speaking with another host who was talking about greylisting their emails - in short, this is the process of rejecting the first email from a given email address/server and waiting for it to be (automatically) resent by the server later, as, unlike genuine email servers, most spam servers do not try to re-send an email if it's rejected by a server. We're not able to greylist our emails, so I thought I would check that our e-mail filter settings were up-to-date.
The guys at had a look through our spam filter settings and recommended we disable the statistical filters, as they were somewhat outdated technically, and increase our connection checks - more importantly, deleting the email after it fails a number of checks. Historically I've been averse to deleting emails on the server as there's no way to retrieve them, so I asked how accurate connection checks were and thought I would share their easy-to-understand response about what the connection checks do.
This will create a test in which the domain passed during the HELO/EHLO is used to perform a DNS query to verify that the domain specified has an A record or an MX record. (All valid domains should have a valid HELO/EHLO domain; only mis-configured and spam mail servers fail this test.)
This will create a test in which the IP address of the connecting server is used to perform a reverse DNS lookup to obtain the domain name. If a domain has a valid PTR record, the message is accepted. (Not all valid domains have a PTR record.)
This will have the "From" address of the connecting server verified for each message, to verify that the user is a valid user on the sending server. If the user or server does not exist, the message is identified as spam. (This is a definite give-away that the message is a spam message.)
We can then set the delete threshold to 4. The "Delete message after X matches" setting will remove the message after it matches 3 of the above rules and/or blacklists. This will almost guarantee that the message is spam. If the message fails all verification checks, it is spam. If the message fails 2 connection checks and a DNS blacklist check, it is spam. If an email fails both DNS list checks and 1 verification check, it is spam. You are pretty much guaranteed that a message is spam. If you want to be extra sure, you could set the delete threshold to 4; that way it will have to fail all verification checks and one blacklist, or both blacklists and two verification checks.
Related article:
http://blogs.thesitedoctor.co.uk/tim/2007/08/24/Understanding+Email+Server+Connection+Checks.aspx
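The threshold logic described above, as an added example that is not part of the original post or the host's filter: it counts failed checks for a connection and enumerates which mixes of verification and blacklist failures reach a given delete threshold. The check names, DNS records, blacklist zone names and sender table are constructed, and in-memory tables stand in for the live DNS, blacklist and sender-verification lookups a real mail server would make.

```python
from itertools import combinations

# Constructed sample data (documentation-range names and addresses), replacing live lookups.
ZONE = {
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): ["mail.example.org"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
}
BLACKLISTED = {"bl-one.example": {"203.0.113.7"}, "bl-two.example": {"203.0.113.7"}}
VALID_SENDERS = {"ray@example.org"}  # stand-in for asking the sending server about the user

VERIFICATION = ("helo_domain", "reverse_dns", "sender_verify")
BLACKLISTS = tuple(BLACKLISTED)


def lookup(name, rtype):
    """Return the constructed records for (name, rtype), or an empty list."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def reverse_name(ip):
    """Build the in-addr.arpa name used for an IPv4 PTR lookup."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def failed_checks(helo, ip, mail_from):
    """Return the names of the connection checks and blacklists this connection fails."""
    failed = []
    if not (lookup(helo, "A") or lookup(helo, "MX")):
        failed.append("helo_domain")      # HELO/EHLO domain has neither A nor MX
    if not lookup(reverse_name(ip), "PTR"):
        failed.append("reverse_dns")      # no PTR; legitimate servers can fail this too
    if mail_from.lower() not in VALID_SENDERS:
        failed.append("sender_verify")    # "From" user unknown to the sending server
    failed.extend(bl for bl, listed in BLACKLISTED.items() if ip in listed)
    return failed


def should_delete(failed, threshold):
    """Apply "Delete message after X matches"."""
    return len(failed) >= threshold


def minimal_delete_mixes(threshold):
    """(verification failures, blacklist hits) pairs that exactly reach the threshold."""
    all_checks = VERIFICATION + BLACKLISTS
    return sorted({(sum(c in VERIFICATION for c in combo), sum(c in BLACKLISTS for c in combo))
                   for combo in combinations(all_checks, threshold)})
```

A server with a valid HELO domain and sender but no PTR record fails only one check here, so it stays below either threshold.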