Now that I changed e-mail provider for Fastmail, I have to deal with a more traditional anti-spam protection. Basically, SpamAssassin with quite default features. This is a bad thing because that piece of software just doesn’t seem to learn properly. Notably, the Bayes filter is totally underpowered, as even when fully trained it can’t decrease the score by more than 1.9, which isn’t even as high as some basic violations like CK_HELO_DYNAMIC_SPLIT_IP (1.499) or HELO_DYNAMIC_IPADDR2 (3.607). But this is also a good thing, because it forces me to actually look into the problems instead of just having them “fixed” by pushing the “not spam” button a few times to teach Hotmail or Gmail not to send those e-mails to the spam folder.
So, I had those 2 violations HELO_DYNAMIC_IPADDR2 and CK_HELO_DYNAMIC_SPLIT_IP, which I hadn’t had before at my previous hosts. After a quick search, it seemed that this was caused by my hostname looking too much like the one of an ISP. For instance, my ISP gives reverse DNS looking like 22-22-33-126.rev.numericable.fr, and my server host gives, well pretty much the same. Like 44-122-133-9.blue.kundencontroller.de. For SpamAssassin, this looks too much the same: the HELO address, 44-122-133-9.blue.kundencontroller.de, seems like a residential, end-user computer, not like a proper server.
The fix to this is simple: configure your hostname so that it’s not your host’s default anymore (and make sure your new name doesn’t look like an IP either). I suggest simply taking one of the domain names already hosted on your server (you have to make sure that the relationship IP < -> domain name works in both directions). For instance, I set mine to patheticcockroach.com. Probably even better (more convenient for migrations) would be to had a third level domain name assigned to it, like server1.patheticcockroach.com
To configure postfix to use the new hostname, change that in /etc/mailname. (don’t forget to postfix reload or postfix stop and postfix start to apply changes).
You should also be able to configure the reverse DNS associated to your server in your host’s control panel. You’ll then have to wait for it to propagate, however you should also be able to quickly see the change with some specific tools like DomainToosl, for instance: http://whois.domaintools.com/81.7.10.145 (the hostname is indicated as “Resolve Host”).
I’m not 100% sure both parts are useful, yet I think it’s a good idea to make sure the Postfix HELO address matches the server’s reverse DNS.
Edit: actually, the most important part seems to be the myhostname = stuff.com line in /etc/postfix/main.cf.
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.