网普技术论坛 网普科技  
» 游客:   网普主页 | 注册 | 登录 | 帮助
 

作者:
标题: Why you should use :fail:[ZT] 上一主题 | 下一主题
网普科技
网普管理员

网普科技人民公仆


积分 3080
发贴 2863
注册 2004-6-26
来自 网普科技
状态 离线
#1  Why you should use :fail:[ZT]

There are sound technical reasons that you should only use :fail: and not :blackhole: on a cPanel server running exim. We have conducted quite extensive testing to establish this configuration is best and outline the reasons here.

In general the two different settings both discard email not destined for a POP3 account, an alias or a catchall alias. However, ever since cPanel included the verify = recipient code in the standard cPanel ACL section for exim, the way email is discarded differs with the two methods quite starkly:

    * Using :blackhole: email is accepted and received into the server in its entirety. It is then processed through exim and only on delivery is it written to the null device (/dev/null) and silently ignored.
          o This wastes server bandwidth as the email data, or body, of the email is accepted into the server
          o This wastes server resources (CPU, memory and disk I/O) as the email is fully processed by exim before being finally written to /dev/null
          o Because the blackholed email is still processed through the whole of exim before it is finally deleted, if any of the usual checks and routing that any email goes through fails, such email can be placed in the exim mail queue for later reprocessing. This can lead to tens of thousands of blackholed emails accumulating in the exim mail queue which in turn can cause a range of serious server performance and resource problems and will affect the normal and timely delivery of email
          o This actually breaks the SMTP RFC's because you're not notifying the sending SMTP server that the email is undelivered, which is a requirement
    * Using :fail: the email is never accepted into the server. During the initial SMTP negotiation when the senders SMTP server connects to your SMTP server, the sending SMTP server issues a RCPT command notifying your server which email address the email to follow is intended for. Your server then checks whether the recipient email actually exists on your server (a POP3 account, an alias or a catchall alias) and if it does not, it issues an SMTP DENY which terminates the attempt to deliver the email.
          o This saves bandwidth as the email data is never received into your server
          o This saves server resources as the email never has to be processed
          o This complies with the SMTP RFC's because the sending SMTP server receives the DENY command
          o Your server does not send a bounce message (just the DENY command)
          o Your server does not send anything to the sender of the email (i.e. the address in the From: line)
          o The sending SMTP server is responsible for notifying the original sender

Here is a simple explanation of what happens during the SMTP conversation

    * Some other SMTP server connects to your server on port 25 and initiates an SMTP connection (EHLO command)
    * Other server then sends a message saying who they're delivering a message for (MAIL FROM command)
    * Other server then sends who the message is for on your server (RCPT command)
    * At this point your server then checks whether the email address in the RCPT command can actually be delivered on your server. If you do not have a catchall alias configured to point to an email address (Default Address) and you have it set to :fail: the following happens:
    * Your server sends back along the same connection to the sending server "Go away, no-one here" (the DENY command)
    * The sender server would then normally tell their user that the attempt to email your server failed. Your server does not send a "bounce" message. As far as your server is concerned, all that has happened is a little SMTP chatter and no email has been received and no bounce sent

Additionally, this is what our Exim Deny ACL does:

    * If the sender server tries four email addresses that don't exist on your server the ACL disconnects the session with the sender server (DROP) and puts the IP address of the sender server into /etc/exim_deny
    * If the sender server connects again, the ACL first checks /etc/exim_deny and if it finds the senders IP address there the session is immediately disconnected

http://www.configserver.com/free/fail.html



天理路上甚宽,稍游心,胸中便觉广大宏朗;
人欲路上甚窄,才寄迹,眼前俱是荆棘泥涂。



网普科技,优质美国主机服务!
美国Linux主机,美国虚拟主机
支持PHP+MYSQL+cPanel+EMAIL
为用户负责,拒绝反动、赌博及色情内容! QQ:126818

发送QQ消息
2005-12-27 09:29 PM
查看资料  访问主页  发短消息  QQ   编辑帖子  引用回复 顶部
celn
网普高级成员





积分 209
发贴 197
注册 2004-6-30
状态 离线
#2  

好长

2006-1-3 10:38 AM
查看资料  发送邮件  发短消息   编辑帖子  引用回复 顶部
茱莉娅
THE BODY SHOP美容顾问

茱莉娅美体小铺


积分 209
发贴 197
注册 2009-5-21
来自 茱莉娅美体小铺
状态 离线
#2  赞助商信息The body shop

茱莉娅美体小铺
茱莉娅美体小铺淘宝店
茱莉娅美体小铺
2006-1-3 10:38 AM
查看资料  发送邮件  发短消息   编辑帖子  引用回复 顶部


可打印版本 | 推荐给朋友 | 订阅主题 | 收藏主题



论坛跳转:  




Powered by Discuz! 2.5 © 2001-2005 Comsenz Technology Ltd.
Processed in 0.005838 second(s), 7 queries, Gzip enabled
------------------------------------------------------------------------------
本论坛属网普科技交流与技术支持论坛!
拒绝任何人以任何形式在本论坛发表与中华人民共和国法律相抵触的言论!
美国主机, 美国虚拟主机, cPanel+PHP+Mysql+Ftp+Email+Zend+GD2+国际域名支持
技术支持 QQ: 126818 EMail & MSN: support[AT]netpu.net
[ 联系我们 ] - [ 网普科技 ]