March 3rd, 2004

LiveJournal SMTP server

We'd like to setup our SMTP servers such that paid users can use them to send out email using their address.

The main goal then is to require people to use our SMTP servers, so we can publish a stricter SPF record that says "All mail comes from only this network."

If anybody would like to kick-start this feature and wants to write up docs, here are the requirements:

-- postfix, Debian
-- SASL auth
-- plug-in to do auth/authz, because:
-- paid users only
-- rate-limited (don't want to be giving spammers $2.50/month access to our SMTP servers)
-- must be able to also log somehow the RCPT TO addresses... but after they've been obscured with a hashing function. by keeping track of how many distinct recipient addresses, we can allow reasonable outgoing mail limits to regular users (since regular users tend to email the same people a lot) and catch/flag spammers, who mail many different people all the time.
-- SSL would be nice, optionally.

The idea is we'll setup a host like "" which will do the above validation and rate checks, then relay it on to our real smtp servers.

As an incentive: first person to write up good instructions that let us do the rest gets 1 or 2 permanent accounts. (you don't have to do the anti-spammer stuff, but you must demonstrate how we can get at the RCPT data....)

I have a suspicion that this is all going to be a pain in the ass, because I've never found a mail system that's flexible enough and that I even remotely like. But maybe you guys are better at mail... I'm certainly not.