Mailing List Archive: exim: users

greylisting

1 2

View All

Index | Next | Previous | View Threaded

jla21 at cornell

Mar 13, 2004, 10:54 AM

Post #1 of 47 (709 views)
Permalink

greylisting

Yay, I finally got a rudimentary greylisting system working on our mailserver!

Has anyone else implemented this? I've already made a sizeable to do
list of improvements to code.

-Josh

eximusers at downhill

Mar 13, 2004, 3:22 PM

Post #2 of 47 (680 views)
Permalink

Re: greylisting [In reply to]

On 2004-03-13 Joshua Alexander <jla21[at]cornell.edu> wrote:
> Yay, I finally got a rudimentary greylisting system working on our
> mailserver!

> Has anyone else implemented this? I've already made a sizeable to do
> list of improvements to code.
[...]

Iirc the CVS version of sa-exim supports greylisting.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"

jla21 at cornell

Mar 13, 2004, 5:43 PM

Post #3 of 47 (680 views)
Permalink

Re: greylisting [In reply to]

Hello,

>Iirc the CVS version of sa-exim supports greylisting.
> cu andreas

Neat... I don't know if I can run that, though, as I'm using a cPanel
server. I'm still learning my way around it all.

-Josh

marc_news at merlins

Jan 30, 2005, 8:52 PM

Post #4 of 47 (680 views)
Permalink

Re: greylisting [In reply to]

On Thu, Jan 20, 2005 at 02:43:12PM +0000, Dennis Davis wrote:
> On Thu, 20 Jan 2005, Oliver Egginger wrote:
>
> > From: Oliver Egginger <oliver.egginger[at]dvz.fh-giessen.de>
> > To: Jeanne Schock <jschock[at]brynmawr.edu>
> > Cc: Exim User's Mailing List <exim-users[at]exim.org>
> > Date: Thu, 20 Jan 2005 15:33:05 +0100
> > Subject: Re: [exim] greylisting
> >
> > You have to implement an additional state machine, which coexists in
> > front of your MTA. For doing this you need a database (mysql for
> > example) where you can store a triple of ip address, sender address and
> > recipient address for incomming connections.
>
> See:
>
> http://projects.puremagic.com/greylisting/
>
> for a useful source of material. In particular the links page contains
> pointers to various implementations for exim. Can't comment any further
> as I don't use greylisting.

I apologize for everyone who already knows about this :)

http://marc.merlins.org/linux/exim/sa.html#greylisting

The main idea is that I don't think you want to greylist everyone, and
greylisting at RCPT TO causes some problems with VERP, so you only
greylist people who you're not sure are spammers or good folks.

Out of curiosity, does anyone know of other adaptive greylisting
implementations (i.e. you let most mails through without delay, refuse
the clear spammers right away, and only greylist people in the middle)

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f[at]merlins.org for PGP key

cjackson at localsurface

Jan 31, 2005, 4:29 AM

Post #5 of 47 (677 views)
Permalink

Re: greylisting [In reply to]

On Sun, 30 Jan 2005 19:52:31 -0800
Marc MERLIN <marc_news[at]merlins.org> wrote:

> On Thu, Jan 20, 2005 at 02:43:12PM +0000, Dennis Davis wrote:
> > On Thu, 20 Jan 2005, Oliver Egginger wrote:
> >
> > > From: Oliver Egginger <oliver.egginger[at]dvz.fh-giessen.de>
> > > To: Jeanne Schock <jschock[at]brynmawr.edu>
> > > Cc: Exim User's Mailing List <exim-users[at]exim.org>
> > > Date: Thu, 20 Jan 2005 15:33:05 +0100
> > > Subject: Re: [exim] greylisting
> > >
> > > You have to implement an additional state machine, which coexists
> > > in front of your MTA. For doing this you need a database (mysql
> > > for example) where you can store a triple of ip address, sender
> > > address and recipient address for incomming connections.
> >
> > See:
> >
> > http://projects.puremagic.com/greylisting/
> >
> > for a useful source of material. In particular the links page
> > contains pointers to various implementations for exim. Can't
> > comment any further as I don't use greylisting.
>
> I apologize for everyone who already knows about this :)
>
> http://marc.merlins.org/linux/exim/sa.html#greylisting
>
> The main idea is that I don't think you want to greylist everyone, and
> greylisting at RCPT TO causes some problems with VERP, so you only
> greylist people who you're not sure are spammers or good folks.
>
> Out of curiosity, does anyone know of other adaptive greylisting
> implementations (i.e. you let most mails through without delay, refuse
> the clear spammers right away, and only greylist people in the middle)

I have a resend boolean field. That way the if the email is resent, it
is never greylisted again. Of course that is only good for that
recipient. Also the IP field uses x.x.x.0/24 to account for the fact
that many companies send mail from multiple IPs. I agree that
greylisting can be quite restrictive. I lowered the time interval to 5
minutes because I noticed that most spammers never resend.

Jan-Peter.Koopmann at seceidos

Feb 15, 2005, 1:11 AM

Post #6 of 47 (680 views)
Permalink

RE: Greylisting [In reply to]

Hi Marc,

> ok - that's interesting - but I think I'm already catching
> the spam that would be affected by that with ACL rules. And
> the initial delays would be an issue.

How? What ACL that you use has the same effect as greylisting?

Regards,
JP

Carl.Inglis at TRgroup

Feb 15, 2005, 1:55 AM

Post #7 of 47 (678 views)
Permalink

RE: Greylisting [In reply to]

> Here greylisting is optional. Each recipient can choose whether
> to have it turned on or off. The deal is if it's on, don't complain
> about delays, if it's off don't complian about spam.

When I introduced greylisting here it cut the spam down by 97%.
Unfortunately I have a number of users who started complaining about the
delay and that killed the project.

After reading your post I'm thinking about the possibility of that sort
of opt-in system. Thanks for that.

> One thing I
> found is that there is no shortage silly configurations on the net.

Found a classic yesterday at home (where I do have greylisting) - Amazon
tried 53 connects in <30 minutes. How broken is that?!?!

Carl
--
Carl C. Inglis
IT Systems Administrator
Total Recruitment/Skillwise Ltd.
Help Desk: 01724 273350
--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.

If you have received this email in error please notify the
originator of the message. This footer also confirms that this
email message has been scanned for the presence of computer viruses.

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Total Recruitment Group.

Scanning of this message and addition of this footer is performed
by SurfControl SuperScout Email Filter software in conjunction with
virus detection software.

bill-exim at carpenter

Feb 15, 2005, 12:30 PM

Post #8 of 47 (679 views)
Permalink

RE: Greylisting [In reply to]

>> Here greylisting is optional. Each recipient can choose whether

Likewise here, though nobody has yet asked to be taken back out of
it. (I think they are too busy weeping with joy.) Since my greylist
whitelisting feature is just a big Exim "or" condition, it's easy for
me to add in specific localparts (or even specific localparts and
combinations of whatever else I know at recipient address verification
time).

I greylist for 5 minutes, and the results seem pretty good. Even the
spammers who do spinning retries immediately seem to give up after 2
or 3. It seems to be common for legit servers to do a retry at 10-15
minutes, which is not too bad. Still tuning....

PS:- Most of the sample Exim greylisting starting points are
understandably for Exim4. For reasons that are not important here, I
did mine for Exim3 (using embedded perl and a backing MySQL database).
If any Exim3 users are interested in details, drop me a line.
--
bill-exim[at]carpenter.ORG (WJCarpenter) PGP 0x91865119
38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3

hamster at korenwolf

Feb 16, 2005, 2:13 AM

Post #9 of 47 (679 views)
Permalink

RE: Greylisting [In reply to]

On Tue, 2005-02-15 at 11:30 -0800, WJCarpenter wrote:
> >> Here greylisting is optional. Each recipient can choose whether
>
> Likewise here, though nobody has yet asked to be taken back out of
> it. (I think they are too busy weeping with joy.) Since my greylist
> whitelisting feature is just a big Exim "or" condition, it's easy for
> me to add in specific localparts (or even specific localparts and
> combinations of whatever else I know at recipient address verification
> time).

During the time I was running it on the work machines it was generally
well received with a couple of complaints. Mainly from recipients who's
incoming email had got stuck with massive delays due to crummy MTAs at
the other end backing off for a day or more after the first error.
Unfortunately that implementation is now toast due to some
reorganisation though I'm currently planning on a replacement once I've
finished this damm migration.

Until the spammers morph to get round the problem it's a great solution
to the problem, but it's not going to last at it's current level of
effectiveness.

--
Mark Lowes <hamster[at]korenwolf.net>

christian at siebenbergen

Feb 16, 2005, 2:37 PM

Post #10 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

Hello Carl,

Carl Inglis, 15.02.2005 (d.m.y):

> When I introduced greylisting here it cut the spam down by 97%.
> Unfortunately I have a number of users who started complaining about the
> delay and that killed the project.

It's not just that there may be a delay in mail delivery - greylisting
on the one hand side needs the "corresponding" ressources to queue
"good" (i.e. non-spam) messages on _each_ other hand side...

That's what you should keep in mind...

Regards,
Christian Schmidt
--
Wie man sein Kind nicht nennen sollte:
Major Naise

ryant-lists at thawte

Feb 17, 2005, 1:42 AM

Post #11 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

Hi

Carl Inglis wrote:
> When I introduced greylisting here it cut the spam down by 97%.
> Unfortunately I have a number of users who started complaining about the
> delay and that killed the project.

I met with similar resistance so I ended up doing something which I think works quite well. You could limit greylisting to those hosts that act somewhat like spammers but you aren't quite sure enough to drop/deny them outright. I posted an extract from my acls a few weeks ago. Basically, I set acl_cX for certain condions like failures on helo and reverse_host_lookup verification, or appearance on a RBL. Then at acl_rcpt I look at acl_cX and greylist if those variables have anything assigned to them. You may still end up greylisting a valid sender and not greylisting a spammer (who happens not to be on a RBL and has perfect dns entries and says helo nicely) but, by and large, you will stop a lot of spam. Of course, I force greylisting to occur for all aliases and lists that are heavily spammed.

I have also tried greylisting emails without message_ids, etc., at acl_data and use a generic recipient instead of $local_part@$domain.

Hope that helps.

Cheers,
Ryan

Carl.Inglis at TRgroup

Feb 17, 2005, 2:25 AM

Post #12 of 47 (678 views)
Permalink

RE: Greylisting [In reply to]

> Hello Carl,

Hi Christian,

> > When I introduced greylisting here it cut the spam down by 97%.
> > Unfortunately I have a number of users who started complaining about
the
> > delay and that killed the project.
>
> It's not just that there may be a delay in mail delivery - greylisting
> on the one hand side needs the "corresponding" ressources to queue
> "good" (i.e. non-spam) messages on _each_ other hand side...

RFC2821 states "while mail that cannot be transmitted immediately MUST
be queued and periodically retried by the sender."

That "MUST" means that regardless of my use of greylisting or not, the
sender *has* to provide resources on the assumption that I won't be able
to accept the messages.

> That's what you should keep in mind...

I'm going to assume that this isn't meant as bluntly and agressively as
it comes across to me (I haven't had my morning coffee yet, so my "tone"
reader might be miscalibrated).

Carl
--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.

If you have received this email in error please notify the
originator of the message. This footer also confirms that this
email message has been scanned for the presence of computer viruses.

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Total Recruitment Group.

Scanning of this message and addition of this footer is performed
by SurfControl SuperScout Email Filter software in conjunction with
virus detection software.

christian at siebenbergen

Feb 17, 2005, 2:43 AM

Post #13 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

Hi Carl,

Carl Inglis, 17.02.2005 (d.m.y):

[greylisting]
> > It's not just that there may be a delay in mail delivery - greylisting
> > on the one hand side needs the "corresponding" ressources to queue
> > "good" (i.e. non-spam) messages on _each_ other hand side...
>
> RFC2821 states "while mail that cannot be transmitted immediately MUST
> be queued and periodically retried by the sender."
>
> That "MUST" means that regardless of my use of greylisting or not, the
> sender *has* to provide resources on the assumption that I won't be able
> to accept the messages.

Sure, but when using greylisting on the remote server, the local
server is urged to queue the mail only because of the greylisting on
the other hand side. And that's why I hold the opinion that the
implementation of greylisting is somewhat equal to "wasting other
people's resources".

And I hope I got it right: When a spammer succeeds in using rudimental
queueing mechanisms, greylisting on the destination server doesn't
prevent him from spamming either.
=> IMO greylisting may be a temporary solution, but goes to the cost
of others and will successful as long as spammers don't use any
queueing mechanisms.

Thank God there are several other means to fight spam using exim. ;-)

Regards,
Christian
--
Betroffene Hunde bellen

exim at inode

Feb 17, 2005, 3:38 AM

Post #14 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

Christian Schmidt wrote:
>> RFC2821 states "while mail that cannot be transmitted immediately
>> MUST be queued and periodically retried by the sender."

Yes, but the thought, that we have to queue every single ******* message
in the first place just because someone's greylisting, makes me kind of
sick.

>> That "MUST" means that regardless of my use of greylisting or not,
>> the sender *has* to provide resources on the assumption that I
>> won't be able to accept the messages.

I assume you have never run a system that processes several million
messages a day, have you? These "assumption" you're talking about is of
course made, but it is based on average and real life values, and you
don't calculate with "If every message gets rejected temporarily, I'll
need space and power to store and process a queue of 20 Million messages.".

> And that's why I hold the opinion that the implementation of
> greylisting is somewhat equal to "wasting other people's resources".

I completely agree with that.

> => IMO greylisting may be a temporary solution, but goes to the cost
> of others and will successful as long as spammers don't use any
> queueing mechanisms.

Yes, but it isn't usefull in any way even now, when spammers abuse other
peoples systems. (Via open relay, open proxies, etc.)
And by the way, spammers wouldn't have to really "queue" mails, just try
to send every temporary failed message a second time after they finished
processing their recipient list.

But as we're talking about greylisting, and many people here seem to use
it, what about the hints database problem I mentioned here some time
ago? As you're using greylisting, I'm sure you all have a solution to
this situation:

A mail comes in, addressed to a recipient at a remote host. This remote
host uses greylisting and says "mailbox temporarily unavailable". The
mail is put into the queue. Another mail arrives, addressed to the same
remote recipient, but from a different sender. The mail in the queue
hasn't been processed a second time, (or maybe it has, but to earliy for
greylisting to accept) because the're so many mails in it. (Due to many
people using greylisting out there.) The retry time for the recipient
has passed, exim starts a delivery, and the remote host says "mailbox
temporarily unavailable". The mail is put into the queue, and so on.

This causes mails to stay in the queue surprisingly long, like some days
or so. You may think this is not very likely, but we really have lots of
them here.
I would be really gratefull, if someone could point at a simple
solution, as I can't hear people complaining "I'm using greylisting, and
my mails are getting delayed!" anymore.

lg,
daniel

PS: Don't get me wrong, this is nothing personal, I'm just very annoyed
by all these wannabe spam solutions out there, that try to make fun
with SMTP communication in one way or the other.

ryant-lists at thawte

Feb 17, 2005, 5:24 AM

Post #15 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

Hi

>> And that's why I hold the opinion that the implementation of
>> greylisting is somewhat equal to "wasting other people's resources".
>
> I completely agree with that.

Perhaps this can be considered middle ground. Look at my earlier post in this thread on limiting greylisting to those hosts who are not properly configured: they don't say helo properly, they don't have valid reverse lookups, they are on RBLs, their emails don't have message_ids, etc. If a real smtp server displays those properties then surely they deserve an hour delay? And, if the admin of those servers scans his logs every so often he might find an 451 error message telling him exactly why his emails were deferred.

> PS: Don't get me wrong, this is nothing personal, I'm just very annoyed
> by all these wannabe spam solutions out there, that try to make fun
> with SMTP communication in one way or the other.

What to do: let spammers make profit with SMTP communications or have admins make fun with SMTP communications ;-) Just as a matter of interest, does anyone know of a study which tries to determine which costs more: deferred emails in a queue or volumes of spam taking up CPU cycles and memory in spamassassin. I guess its a diskspace versus cpu/ram thing?

Cheers,
Ryan

dwmw2 at infradead

Feb 17, 2005, 5:47 AM

Post #16 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

On Thu, 2005-02-17 at 11:38 +0100, Daniel Tiefnig wrote:
> Yes, but the thought, that we have to queue every single ******* message
> in the first place just because someone's greylisting, makes me kind of
> sick.

Indiscriminate greylisting would be bad. If I implement greylisting,
it'll be triggered by something in the incoming mail -- like a SA score
above zero, and it'll have a lot of whitelisting for high-volume
senders. Making them resend every single message isn't acceptable either
for the the sender or for the recipient.

In particular, if a given host is found to _actually_ resubmit a mail
after a temporary rejection, there's no point in _ever_ using
greylisting with that host again. You _know_ it queues mail properly and
isn't a dump-and-run spammer. It may be a spammer or an open relay, but
greylisting isn't going to help you deal with it.

--
dwmw2

bill-exim at carpenter

Feb 17, 2005, 11:30 AM

Post #17 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

dw> In particular, if a given host is found to _actually_ resubmit a
dw> mail after a temporary rejection, there's no point in _ever_ using
dw> greylisting with that host again. You _know_ it queues mail

That's correct, with a caveat. (We have several whitelist entries for
"marketing partner" sorts of undesirables who run real SMTP outbound
servers. Greylisting them just adds clutter and load and is
ultimately pretty pointless.)

You should wait at least a little while after the temporary rejection
before drawing this conclusion. There are some spambots (and, alas,
some legit SMTP servers) which will retry with essentially no delay.
I use a 5 minute delay here because it seems adequate (by my eyeball
inspection of the logs).

To come to the conclusion that a particular message is being
resubmitted, you have to see the message itself. Most greylisting
implementations act after RCPT. To know that the message is the same,
you'd have to act after DATA. Possible, of course, but not as simple,
and it's more costly. Most greylisting implementations act on the
triplet of (recipient, sender IP, sender). You could whitelist an IP
for all combinations after the first time (or after N times) it got a
"pass" in greylisting. The danger is probably small that you'll
whitelist it due to coincidence. This may be a good optimization for
VERP senders and the like.
--
bill-exim[at]carpenter.ORG (WJCarpenter) PGP 0x91865119
38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3

bill-exim at carpenter

Feb 17, 2005, 11:41 AM

Post #18 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

cs> Sure, but when using greylisting on the remote server, the local
cs> server is urged to queue the mail only because of the greylisting
cs> on the other hand side. And that's why I hold the opinion that the
cs> implementation of greylisting is somewhat equal to "wasting other
cs> people's resources".

There is no doubt about that. In a pre-spam world, it would be
incredibly rude to do that kind of thing. In the world we have now,
it's only worth being this little bit rude if the payoff is big. The
payoff is enormous at my site.

cs> Thank God there are several other means to fight spam using
cs> exim. ;-)

True enough. We're still waiting for any spam solution that's a
silver bullet by itself. (The Chief Software Architect of Microsoft
assures us that spam will be cured by sometime in 2006, so we only
have to hold out until then.)
--
bill-exim[at]carpenter.ORG (WJCarpenter) PGP 0x91865119
38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3

bill-exim at carpenter

Feb 17, 2005, 11:56 AM

Post #19 of 47 (678 views)
Permalink

Re: Greylisting [In reply to]

dt> Yes, but the thought, that we have to queue every single *******
dt> message in the first place just because someone's greylisting,
dt> makes me kind of sick.

Perhaps it is just imprecise language, but it's not every message
that's affected. It's just the first time the receiving site sees a
new combination of (recipient, sender IP, sender). For most normal,
person-to-person sorts of emails, I'm skeptical that this adds up to
much above normal levels. For mailing list and other types of
traffics that use VERP (unique addresses per message), it's a burden.

dt> Yes, but it isn't usefull in any way even now, when spammers abuse
dt> other peoples systems. (Via open relay, open proxies, etc.) And
dt> by the way, spammers wouldn't have to really "queue" mails, just
dt> try to send every temporary failed message a second time after
dt> they finished processing their recipient list.

Of course, these things are all true, but it is also true that most
spammers and most virus email is coming from individual systems and
does not retry. Everyone fully expects those things to morph to
overcome greylisting someday. That time might not even be that far
off. OTOH, it's so cheap and effective to implement greylisting today
that it's almost foolish to avoid it.

dt> But as we're talking about greylisting, and many people here seem
dt> to use it, what about the hints database problem I mentioned here
dt> some time ago? As you're using greylisting, I'm sure you all have
dt> a solution to this situation:

Probably the only solution today is getting the recipient sites to
whitelist your servers, which is certainly labor intensive on both
ends. (I spend a lot of time manually examining my greylist logs
looking for "legit" SMTP senders to add to my whitelist.)
--
bill-exim[at]carpenter.ORG (WJCarpenter) PGP 0x91865119
38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3

dwmw2 at infradead

Feb 17, 2005, 2:29 PM

Post #20 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

On Thu, 2005-02-17 at 10:56 -0800, WJCarpenter wrote:
> Perhaps it is just imprecise language, but it's not every message
> that's affected. It's just the first time the receiving site sees a
> new combination of (recipient, sender IP, sender). For most normal,
> person-to-person sorts of emails, I'm skeptical that this adds up to
> much above normal levels. For mailing list and other types of
> traffics that use VERP (unique addresses per message), it's a burden.

All messages from the mailing list come from the same host. Once you've
worked out the the host in question is actually going to re-send, you no
longer greylist anything from that host any more. Why is it a burden?

--
dwmw2

auj at aber

Feb 17, 2005, 2:46 PM

Post #21 of 47 (678 views)
Permalink

Re: Greylisting [In reply to]

Daniel Tiefnig (exim[at]inode.at) said, in message
<4214741B.1040100[at]inode.at>:
>
> Christian Schmidt wrote:
> >> RFC2821 states "while mail that cannot be transmitted immediately
> >> MUST be queued and periodically retried by the sender."
>
> Yes, but the thought, that we have to queue every single ******* message
> in the first place just because someone's greylisting, makes me kind of
> sick.

Greylisting doesn't force people to queue every single *******
message. Last April I gave a talk about our greylisting system
(http://users.aber.ac.uk/auj/spam/greytalk.ppt), so had reason
to look quite closely at deferral stats:

Week 21st - 28th March 2004
Total sender/recipient pairs tried: 519,221
Total delivered: 204,096
Total delivered without delay: 165,702 (81%)
Total delivered within 2 hours: 93%
Uncompleted: 315,125 (61%)
Complaints received about undelivered mail: 0
Assumed spam: 61% of all mail attempted.

Sure, we see queued messages here as a result of greylisting, but they don't
exactly take a vast amount of resources. If you've got as many naiive users
as I have, you're probably queueing many many more "remove me from your
mailing list" replies to addresses which are deferring due to their mailbox
being over quota!

By using greylisting here, we're saving vastly more processor, disk and
staff time than is used up by our having to queue mail to sites who
greylist our outbound mail, and I'm more than happy to take that extra
load.

Greylisting is currently a very good tool. Sometime soon it won't be. But,
in the past 16 months I've been able to forget about spam and get on with
the other 90% of my job :-)

Cheers,
Alun.

--
Alun Jones auj[at]aber.ac.uk
Systems Support, (01970) 62 2494
Information Services,
University of Wales, Aberystwyth

marc_news at merlins

Apr 24, 2005, 1:24 PM

Post #22 of 47 (679 views)
Permalink

Re: Greylisting [In reply to]

On Thu, Feb 17, 2005 at 12:47:44PM +0000, David Woodhouse wrote:
> On Thu, 2005-02-17 at 11:38 +0100, Daniel Tiefnig wrote:
> > Yes, but the thought, that we have to queue every single ******* message
> > in the first place just because someone's greylisting, makes me kind of
> > sick.
>
> Indiscriminate greylisting would be bad. If I implement greylisting,
> it'll be triggered by something in the incoming mail -- like a SA score
> above zero, and it'll have a lot of whitelisting for high-volume
> senders. Making them resend every single message isn't acceptable either
> for the the sender or for the recipient.

I think we're in full agreement there (yes, I'm behind on list mail
again, sorry :)

You already know about SA-Exim:
http://marc.merlins.org/linux/exim/sa.html#greylisting
http://marc.merlins.org/linux/exim/files/sa-exim-cvs/README.greylisting

Since it does exactly what you describe already, I'm curious about what
you're thinking about doing differently

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f[at]merlins.org for PGP key

dwmw2 at infradead

Apr 24, 2005, 5:30 PM

Post #23 of 47 (680 views)
Permalink

Re: Greylisting [In reply to]

On Mon, 2005-04-25 at 06:24 +1000, Marc MERLIN wrote:
>
> I think we're in full agreement there (yes, I'm behind on list mail
> again, sorry :)
>
> You already know about SA-Exim:
> http://marc.merlins.org/linux/exim/sa.html#greylisting
> http://marc.merlins.org/linux/exim/files/sa-exim-cvs/README.greylisting
>
> Since it does exactly what you describe already, I'm curious about
> what you're thinking about doing differently

Nothing drastically different; I just implemented it in Exim config.
Other ACLs set $acl_m0 if they find anything in the mail to which they
object, and then it's handled by
http://david.woodhou.se/eximconf/include/acl-greylist

Yeah, I really ought to finish the sqlite support.

--
dwmw2

lists at steffen-heil

Jun 15, 2005, 9:43 AM

Post #24 of 47 (679 views)
Permalink

RE: greylisting [In reply to]

Hi

> The above two, and Message-ID.

I don't want to take this into account, since I do greylisting at RCPT time.

> http://david.woodhou.se/eximconf/include/acl-greylist

Looks nice, but what about performance.
How many mails does this system handle?

lsearch is not the fastest...

Regards,
Steffen

Attachments:

smime.p7s (3.10 KB)

dwmw2 at infradead

Jun 15, 2005, 2:02 PM

Post #25 of 47 (679 views)
Permalink

RE: greylisting [In reply to]

On Wed, 2005-06-15 at 18:43 +0200, Steffen Heil wrote:
> I don't want to take this into account, since I do greylisting at RCPT
> time.

But that presumably means you're doing greylisting unconditionally. It
makes a lot more sense only to do it for mail which is actually
considered suspicious for some reason.

Otherwise you just end up delaying a lot of good mail for no reason.

--
dwmw2

1 2

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com