Tuesday, October 30, 2018

Re: spamd and google smtp ips

On 2018-10-30, Chris Narkiewicz <hello@ezaquarii.com> wrote:
> Hi,
>
> I'm configuring spamd and I noticed that when I send an e-mail from
> GMail, each time the e-mail is submitted by a different IP address.
>
> Here is spamdb output after sending a test email to myself:
>
> GREY|209.85.219.182|mail-yb1-f182.google.com|...
> GREY|209.85.219.177|mail-yb1-f177.google.com|...
> GREY|209.85.219.176|mail-yb1-f176.google.com|...
> GREY|209.85.219.172|mail-yb1-f172.google.com|...
> GREY|209.85.219.180|mail-yb1-f180.google.com|...
> GREY|209.85.219.175|mail-yb1-f175.google.com|...
> GREY|209.85.219.173|mail-yb1-f173.google.com|...
> GREY|209.85.219.179|mail-yb1-f179.google.com|...
> GREY|209.85.208.46|mail-ed1-f46.google.com|...
> GREY|209.85.161.52|mail-yw1-f52.google.com|...
> ... snip ...
>
> Of course they are not whitelisted, as each submission
> attempt is done by a different node and I guess google has A LOT of
> them. I see 2 issues with that:
>
> 1) e-mail delivery takes a lot of time (as google uses exponential
> backoff and stops frequent retries after a few failures)
>
> 2) whitelisted IPs are more likely to be expired, as my server is
> not getting a lot of gmail traffic
>
> I suppose different big e-mail providers will
> have similar issues.
>
> I'm also running a BGP server to download a whitelist,
> but it does not contain google servers.
>
> Are there any solutions to get around this problem? Ideally I'd like
> to just whitelist reputable mail providers as I see little chance
> that any spammer will outsmart Google/Yahoo/Microsoft/etc.

Opinions definitely vary, but my 2p:

I haven't run spamd myself for years, I got fed up with delayed and
lost mails. My opinion is that unless you have a really busy mail system
behind spamd you're unlikely to get a good set of hosts kept in the
whitelist without a bunch of work. It's not just office365 and gmail
(which are a pain but can be mostly dealt with by iterating through
SPF records and figuring out the addresses of the outgoing mail
servers), it's also "transactional" email. Password resets, email
address verification, information about orders, tickets, etc. In
the past I've particularly noticed this as a problem on mail sent
directly from webservers which are often quite poorly set up;
sometimes they haven't retried at all, sometimes they've been
on a VERY slow retry schedule.

Funnily enough the majority of spam that makes it to my inbox is
received forwarded from a box that *is* running spamd. Maybe spamd
would stop some junk but I get the impression it's likely to be
junk that would be fairly easily blockable by other methods anyway
and the pain isn't worth it for me.
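
The SPF iteration mentioned in the reply above, as an added example that is not part of the original thread: it walks `include:` and `redirect=` terms and collects the `ip4`/`ip6` networks a provider publishes for its outgoing servers. The domain names, TXT records and the `sample_lookup` helper are constructed so the code runs offline; against real providers, `lookup_txt` would be replaced by a DNS TXT query, and `a`/`mx`/`exists` terms (ignored here) would need further lookups.

```python
import ipaddress

# Constructed TXT records (example domains, documentation address ranges)
# standing in for live DNS so the example runs offline.
SAMPLE_TXT = {
    "alias.example": ["some-verification-token", "v=spf1 redirect=mail.example"],
    "mail.example": ["v=spf1 include:_spf.mail.example ~all"],
    "_spf.mail.example": ["v=spf1 include:_nb1.mail.example include:_nb2.mail.example ~all"],
    "_nb1.mail.example": ["v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 ~all"],
    # Points back at its parent: include loops must not hang the walk.
    "_nb2.mail.example": ["v=spf1 ip6:2001:db8:4000::/36 include:_spf.mail.example ?all"],
}
MAX_NAMES = 10  # cap on names queried, modelled on the RFC 7208 lookup limit


def sample_lookup(name):
    """Hypothetical resolver: returns the constructed TXT strings for name."""
    return SAMPLE_TXT.get(name, [])


def spf_networks(domain, lookup_txt=sample_lookup):
    """Return sorted CIDR strings for every ip4/ip6 term reachable from domain."""
    nets, seen, queue = set(), set(), [domain.lower()]
    while queue:
        name = queue.pop(0)
        if name in seen:
            continue  # already expanded (include loop or shared netblock record)
        if len(seen) >= MAX_NAMES:
            raise RuntimeError(f"more than {MAX_NAMES} names queried for {domain}")
        seen.add(name)
        for txt in lookup_txt(name):
            terms = txt.split()
            if not terms or terms[0].lower() != "v=spf1":
                continue  # unrelated TXT record
            for term in terms[1:]:
                term = term.lstrip("+")
                if term[:1] in ("-", "~", "?", ""):
                    continue  # only "pass" terms name permitted senders
                key, _, val = term.partition(":")
                if key.lower() in ("ip4", "ip6") and val:
                    nets.add(ipaddress.ip_network(val, strict=False))
                elif key.lower() == "include" and val:
                    queue.append(val.lower())
                elif term.lower().startswith("redirect="):
                    queue.append(term[len("redirect="):].lower())
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]


if __name__ == "__main__":
    print("\n".join(spf_networks("alias.example")))
```

The output is one CIDR per line, which can be written to a whitelist file and regenerated periodically, since providers change their published ranges.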
