slowass.net gets a lot of hits on port 25, usually in waves. I never see them coming, and enough email gets through that I don't really notice that they've happened, but when I least expect it, all of my clients start to grumble that I'm not responding to their emails. I'm not getting their emails. Some botnet owner thinks slowass.net is a major ISP with thousands of users, and machines from a poll of hundreds of thousands -- at least. I've automated firewalling them in the past, but eventually so many were firewalled that the machine got stuck spending 95% of its CPU time in the kernel, enforcing the bans). As soon as one IP is firewalled, another connects and starts trying to brute force out user names. The net result is that email at slowass.net has been extremely unreliable through virtue of working well enough that I start to trust it, and I'm too vain to stop using it and just move everything to gmail. That and I really like emailing with mutt. If your client can't handle 10,000 messages in the inbox and sort snappily with little RAM, it sucks (more than mutt).
After this last round, exasperated, I told a client I was going to ask Google about their hosted email service and otherwise apply for the beta. On a Friday evening, I used Google to search for the service, found it, logged in to my account, and (verbosely -- big surprise) filled out the form. They wanted to know what I was using for email now. This struck me as an open-ended question, so I told them: Postfix with Perl in a .forward for ad-hoc bans, using the dialup users RBL (I didn't get into this with them, but as an aside for you, all of the other RBLs wronged me at some point, and none seem to be earnest about dropping bans after a few years, and none are honest about what their policies actually are), plus greymilter. As for why, I explained the botnet-sucking-me-dry problem, and also explained that I'd like to recommend it for clients (I have one in particular in mind -- one who suggested it for themselves, actually) but I want to be qualified to recommend it first.
Later that same Friday, an approval form letter was sitting in my gmail box. There was a step of setting up an admin user for the domain (to add other users and whatnot). The login screen for @gmail.com users but has the login box on the opposite side, clearly labeled @slowass.net.
Logging in, there's an additional administration screen with the inbox the second link on the very top nav. The inbox area looks just like the traditional gmail.com user interface, but had additional little status boxes on the right side telling me in some sanitized language that the account wasn't active yet, and linked to the .py served FAQ. That along with two messages in the inbox explained what MXes I needed to use to have mail sent there. I changed out my BIND named and my djbdns named (djbdns/tinydns is infinitely less klunky, bloated, and unnerving as BIND). The setup apparently had to be manually approved before I could send mail out, even though the system automatically recognized and confirmed that the MX records were set correctly (meanwhile, all of my changes at netsol.com came undone, for about the 20th time -- burn in hell, you fucking bastards!). After fixing my nameservers and contact information yet again (it doesn't change to anything strange -- just to *old* data), I found I couldn't send outgoing mail from the hosted gmail service with a "more information" link explaining that the account will be approved soon and to be patient. I don't remember the wording but it implied, or at least I think it implied, that a human had to flip a switch. Meanwhile, I got fetchmail compiled (another fussy, klunky, badly documented, bizarelly overbloated program) and sicced it on my email. And voila. The thousands of attempts on non-existant users are being turned away, and the hundreds of pieces of spam each day are being shuffled off into a folder where I won't see them (along with my test email message which I hand delivered -- okay, missing headers doesn't score well).
I feel like I should be doing some pentesting or something for the priviledge, but I think I'm just going to try to forget about all of this and move on, happily operating just like I always have -- mutting out messages all day long, stockpiling gigs and gigs of sent and recieved mail, tagging messages, following my RSS feeds of tagged messages, building local indices of my mail messages, sorting and searching in mutt, and all of that -- only with port 25 *closed*, less spam, and hopefully (knocking on wood), no more dropped messages.
-scott
