First, so I don’t offend anyone, I’m not using the word Nazi in a bad sense, only like Seinfeld in the Soup Nazi episode. We have begun actually following RFC821.
So what is an RFC? Well, it is a Request for Comments. RFCs are the standards that define the Internet and how it operates. The term also refers to the way RFC documents are discussed and approved by the Internet community.
RFC821 describes the way e-mail servers talk to each other. So let's go over a standard email conversation between two servers. We will call them mail.serverA.net and mail.serverB.com. A is going to connect to B and send an email to UserB from UserA. This starts when mail.serverA.net connects to mail.serverB.com on port 25. ServerA has IP 1.1.1.1 and ServerB has 2.2.2.2.
ServerB: 220 mail.serverB.com
ServerA: helo mail.serverA.net
ServerB: 250 mail.serverB.com Hello mail.serverA.net [1.1.1.1], pleased to meet you
ServerA: MAIL FROM: [email protected]
ServerB: 250 2.1.0 [email protected].. Sender ok
ServerA: RCPT TO: [email protected]
ServerB: 250 2.1.0 [email protected].. Recipient ok
ServerA: DATA
etc…
So exactly how did we start following the standards? Rules!
First, we require that the server connecting to ours has a correct DNS entry. DNS is the Domain Name Service; it is the service that turns mail.serverA.net into 1.1.1.1. So if our mail server gets an email from mail.serverA.net, we do a DNS lookup (nslookup) on the mail server and see that it returns 1.1.1.1. But wait, then we check that 1.1.1.1 resolves back to mail.serverA.net. As a standard, all mail servers that send email should have matching forward and reverse DNS.
Second, we require the server to identify itself per the standard: HELO FQDN (Fully Qualified Domain Name). This is part of RFC821. So serverA would say
helo mail.serverA.net
Third, per the RFC, we require the MAIL FROM: and RCPT TO: to follow the RFC, period.
mail from: <user@host>
Last, and this one does not come from the RFC or anything else, we are stopping users from emailing themselves. That is something spammers have taken up doing. Not emailing themselves, although that would be funny. They have started sending email as the user, so the to and from are the same. I know we could block email if it is not from an internal IP, etc. That does not work for us, as our users are located on many different networks, at many different locations.
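The four rules above combined into one session check, as an added Python example that is not part of the original post or the code running on these servers. Rule 1 is implemented as a reverse lookup on the connecting IP followed by a forward lookup on the returned name; the function names, rule labels and the addresses usera@serverA.net and userb@serverB.com are constructed for illustration.

```python
import re
import socket

# Envelope path in the form the page requires: <user@host>
PATH_RE = re.compile(r"^<([^<>@\s]+)@([A-Za-z0-9.-]+)>$")
# HELO argument must be a fully qualified name: dotted labels plus a TLD.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def system_reverse(ip):
    """PTR lookup through the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """A-record lookup through the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def constructed_dns():
    """Constructed offline zone using the page's example names and addresses."""
    ptr = {"1.1.1.1": "mail.serverA.net", "2.2.2.2": "mail.serverB.com"}
    a = {"mail.serverA.net": {"1.1.1.1"}, "mail.serverB.com": {"2.2.2.2"}}
    return ptr.get, lambda name: a.get(name, set())

def check_session(client_ip, helo, mail_from, rcpt_to,
                  reverse=system_reverse, forward=system_forward):
    """Return the names of the rules a session breaks (empty list = accept)."""
    broken = []
    # Rule 1: the IP's PTR name must resolve forward to the same IP.
    ptr = reverse(client_ip)
    if not ptr or client_ip not in forward(ptr.rstrip(".")):
        broken.append("dns")
    # Rule 2: HELO must carry an FQDN, not a bare word or address literal.
    if not FQDN_RE.match(helo.strip()):
        broken.append("helo")
    # Rule 3: both envelope paths must be <user@host>.
    sender, rcpt = PATH_RE.match(mail_from.strip()), PATH_RE.match(rcpt_to.strip())
    if not sender or not rcpt:
        broken.append("path")
    # Rule 4 (site policy, not RFC): sender and recipient must differ.
    elif sender.group(0).lower() == rcpt.group(0).lower():
        broken.append("self")
    return broken

if __name__ == "__main__":
    rev, fwd = constructed_dns()
    print(check_session("1.1.1.1", "mail.serverA.net",
                        "<usera@serverA.net>", "<userb@serverB.com>", rev, fwd))
```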
So how has this gone? Well, we have had people calling who can’t email someone. We explain why and tell them how to fix it. Users have called to say, “I don’t think mail is working, I haven’t got any spam!” Oh yeah, and the hoss mail server has gone from 80 to 90% processor usage to less than 15% at peak. We have also blocked 300,000 on one server in 24 hours.
Finally, if you are a mail administrator, please quit just going with it! Please quit going, “Well, it’s broke, but it still works and no one is complaining.” Fix Your Server!



