Re: Greylisting

From: Shane R. Spencer <shane@tdxnet.com>
Date: Thu Jan 05 2006 - 00:27:35 AKST

I use greylisting via postfix and the extra postfix-gld program.

In main.cf:

smtpd_recipient_restrictions = permit_sasl_authenticated,
                             permit_mynetworks,
                             ....
                             check_policy_service inet:127.0.0.1:2525,
                             ....

It uses MySQL for storing the lists (white and grey) which is fine for
my setup; some other greylist setups use highly corruptible hash DBs
and I enjoy having a very persistent greylist.

Let's seeeee..

mysql> select count(*) from greylist;
+----------+
| count(*) |
+----------+
|    85532 |
+----------+

mysql> select count(*) from whitelist;
+----------+
| count(*) |
+----------+
|       51 |
+----------+

We have 214 email accounts on this box. 15% of that is employees I
closely monitor at the company and we have all seen very dramatic
effects, including pointing our fingers and laughing at a slight few
Exchange servers that just.. don't.. understand..

Basically a 4xx error in SMTP followed by a response should always lead
to a server retry.. Exchange doesn't always allow that, or at least it's
easy to configure it that way.

We greylist based on Class C as well as recv/send domain. Class C
greylisting is highly recommended if you are receiving mail from a
client that uses a highly available or multi-server SMTP hosting service
like Google and a few other mailing services. In some cases a server
sending a mail and receiving the "Try Again" message may hand it off to
another server to queue and try again, or send out again as a different
IP if they are load balancing the outbound mail. A Class C vs. per-IP
setup helps in these cases.

Let me know if you need to know a bit more.

Shane

On Wed, 2006-01-04 at 18:23 -0900, Jon Reynolds wrote:
> Kevin Miller wrote:
> > Jon Reynolds wrote:
> >
> >>I am considering greylisting as yet another layer for spam. I have
> >>been reading the pros and cons and have a list of the servers that
> >>will not try a resend. I can easily white list those servers when the
> >>time comes, but I was wondering if anyone else uses greylisting and
> >>their experiences with it.
> >>
> >>How many IP's or domains have you actually had to white list? Has it
> >>been effective at stemming the tide of spam? Is it recommended or is
> >>there something I missed in my reading that makes it a bigger headache
> >>than creating a new cf for spamassassin?
> >>
> >>Thanks for any advice,
> >
> >
> > I'm not greylisting, but I did implement greet_pause. If you're using
> > sendmail 8.13 you might add:
> >
> > FEATURE(`greet_pause', `10000')dnl
> >
> > to your build. It provides some of the functionality of greylist but
> > was already available. I saw a dramatic drop off in the amount of spam.
> > What it's doing is putting the sending MTA "on hold" so to speak.
> > Legitimate MTAs handle it just fine. Spam machines don't have time to
> > wait so the connection is dropped and never picked up again.
> >
> > I whitelisted a couple of domains in /etc/mail/access but didn't spend
> > much time on it after the first couple days. Nobody's called
> > complaining their mail is being rejected, and it's been months since I
> > implemented it.
> >
> > HTH...
> >
> > ...Kevin
> > -- 
> > Kevin Miller Registered Linux User No: 307357
> > CBJ MIS Dept. Network Systems Admin., Mail Admin.
> > 155 South Seward Street ph: (907) 586-0242
> > Juneau, Alaska 99801 fax: (907) 586-4500
> > ---------
>
> Thanks Kevin, that was also something else I was reading about and
> wasn't able to find a good answer.
>
> Jon
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

Received on Thu Jan 5 00:28:07 2006

This archive was generated by hypermail 2.1.8 : Thu Jan 05 2006 - 00:28:07 AKST
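
Added example, not part of the original message and not postfix-gld's own code: a minimal sketch of the greylist decision behind a Postfix check_policy_service, comparing a Class C (/24) plus sender/recipient-domain key with a per-IP key when a retry arrives from a sibling outbound server. The 300-second delay, the in-memory dict standing in for the MySQL table, the reply text and the sample addresses are all assumptions.

```python
import ipaddress

GREY_DELAY = 300  # assumed: seconds a new key must wait before it is accepted

def parse_request(text):
    """Parse one Postfix policy-delegation request (name=value lines)."""
    return dict(l.split("=", 1) for l in text.strip().splitlines() if "=" in l)

def domain(addr):
    """Domain part of an address; empty string for the null sender."""
    return addr.rpartition("@")[2].lower()

def grey_key(attrs, per_network=True):
    """Build the greylist key: (source, sender domain, recipient domain)."""
    ip = ipaddress.ip_address(attrs["client_address"])
    if per_network and ip.version == 4:
        # "Class C" keying: collapse the client IP to its /24 network
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        src = str(net.network_address)
    else:
        src = str(ip)
    return (src, domain(attrs["sender"]), domain(attrs["recipient"]))

class Greylist:
    def __init__(self, per_network=True):
        self.per_network = per_network
        self.first_seen = {}  # stand-in for the persistent greylist table

    def check(self, request_text, now):
        """Return the policy reply Postfix expects for this request."""
        key = grey_key(parse_request(request_text), self.per_network)
        first = self.first_seen.setdefault(key, now)
        if now - first < GREY_DELAY:
            return "action=defer_if_permit Greylisted, try again later\n\n"
        return "action=dunno\n\n"  # no objection; later restrictions decide

def sample_request(ip):
    # Constructed sample request using documentation address ranges
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            f"client_address={ip}\nsender=alice@example.org\n"
            "recipient=bob@example.net\n\n")

def demo():
    """First attempt from .10, retry ten minutes later from sibling .77."""
    results = {}
    for per_network in (True, False):
        g = Greylist(per_network)
        first = g.check(sample_request("192.0.2.10"), now=0)
        retry = g.check(sample_request("192.0.2.77"), now=600)
        results[per_network] = (first, retry)
    return results
```

With /24 keying the retry from the second server is passed on; with per-IP keying the same retry is deferred again as if it were a new sender.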