
Mailing List Archive: exim: users

Greylist -Hosts sending from Multiple MX's.

 

 



gpeel at thenetnow

Aug 26, 2008, 2:17 PM

Greylist -Hosts sending from Multiple MX's.

Hi all,

A few months back, with a lot of help from this list, I implemented
GREYLISTING (which is working well), with one exception:

Some ISPs (mail hosting farms, spam scanning services, etc.) sometimes resend
from a different MX each retry period, which, obviously, causes some serious
email delays - today's, for example, was delayed about 8 hours.

Question: Is there an expression we can add that will only look at the FQDN
or change the FQDN (as opposed to the full MX name)?

i.e. mx129.emailservice.com to emailservice.com (or *emailservice.com)

Thanks in advance,

-Grant

Here is the GREYLISTING setup (from 'configure'):

...

GREYLIST_TEST = SELECT IF(NOW() > block_expires, 2, 1) \
FROM exim_greylist \
WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
AND from_domain = '${quote_mysql:$sender_address_domain}' \
AND record_expires > NOW()

GREYLIST_ADD = INSERT INTO exim_greylist \
SET relay_ip = '${quote_mysql:$sender_host_address}', \
from_domain = '${quote_mysql:$sender_address_domain}', \
block_expires = DATE_ADD(NOW(), INTERVAL 1 MINUTE), \
record_expires = DATE_ADD(NOW(), INTERVAL 14 DAY), \
origin_type = 'AUTO', \
create_time = NOW()

GREYLIST_UPDATE = UPDATE exim_greylist \
SET record_expires = DATE_ADD(now(), INTERVAL 14 DAY) \
WHERE relay_ip = '${quote_mysql:$sender_host_address}' \
AND from_domain = '${quote_mysql:$sender_address_domain}' \
AND record_expires > NOW()

...

warn    set acl_m2 = ${lookup mysql{GREYLIST_TEST}{$value}{0}}
defer   ! hosts = +whitelist
        ! hosts = +relay_from_hosts
        ! authenticated = *
        condition = ${if eq{$acl_m2}{0}{yes}}
        condition = ${lookup mysql{GREYLIST_ADD}{yes}{no}}
        message = Now greylisted - please try again in 1 minute.
        log_message = ADDING TO GREYLIST
defer   ! hosts = +whitelist
        ! hosts = +relay_from_hosts
        ! authenticated = *
        condition = ${if eq{$acl_m2}{1}{yes}}
        message = Still greylisted - please try again in 1 minute.
        log_message = STILL GREYLISTED
defer   ! hosts = +whitelist
        ! hosts = +relay_from_hosts
        ! authenticated = *
        condition = ${lookup mysql{GREYLIST_UPDATE}{no}{no}}
        message = Greylist update failed
        log_message = GREYLIST UPDATE FAILED

...


--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users-20080324 at djce

Aug 26, 2008, 2:35 PM

Re: Greylist -Hosts sending from Multiple MX's. [In reply to]

On Tue, Aug 26, 2008 at 05:17:14PM -0400, Grant Peel wrote:
> Question: Is there an expression we can add that will only look at the FQDN
> or change the FQDN (as opposed to the full MX name)?
>
> i.e. mx129.emailservice.com to emailservice.com (or *emailservice.com)

Depends what you actually want.

If you want to just strip off the first DNS label (x.y.z => y.z, or y.z => z)
then presumably a plain old regex can do that. If you want to do something
more like

somehost.example.com => example.com
or
somehost.example.co.uk => example.co.uk
or
example.co.uk => example.co.uk
or
something.whatever.example.com => example.com

then that's a whole separate can of worms - see
http://lists.exim.org/lurker/message/20050917.154150.f86b7567.en.html
and
http://lists.exim.org/lurker/message/20050919.145010.ebad4075.en.html

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
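
The difference between the two approaches in the post above, as an added example that is not part of the original message: a plain first-label strip next to a suffix-aware reduction, run over the host names the post lists. The three-entry suffix set is constructed for illustration; a real deployment would load the full Public Suffix List, and the function names are hypothetical.

```python
# Constructed, deliberately tiny suffix set (assumption, not from the thread).
# A real deployment would load the full Public Suffix List instead.
SAMPLE_SUFFIXES = {"com", "uk", "co.uk"}


def strip_first_label(host):
    """Plain 'drop the first DNS label' rule: x.y.z => y.z, y.z => z."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[1:]) if len(labels) > 1 else labels[0]


def registrable_domain(host, suffixes=SAMPLE_SUFFIXES):
    """Longest matching suffix plus the one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in suffixes:
            # i == 0: the name is itself a bare suffix, nothing to group on.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # unknown suffix: caller should keep the full host name


def compare(hosts):
    """Return (host, first-label-stripped, registrable domain) per host."""
    return [(h, strip_first_label(h), registrable_domain(h)) for h in hosts]


if __name__ == "__main__":
    # Host names taken from the examples in the thread.
    for host, naive, reg in compare([
        "mx129.emailservice.com",
        "somehost.example.com",
        "somehost.example.co.uk",
        "example.co.uk",
        "something.whatever.example.com",
    ]):
        print(f"{host:32} strip={naive:24} registrable={reg}")
```

The first-label strip turns example.co.uk into co.uk, a key shared by every sender under that suffix, and leaves something.whatever.example.com one label too long.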


gpeel at thenetnow

Aug 26, 2008, 7:07 PM

Re: Greylist -Hosts sending from Multiple MX's. [In reply to]

Dave,

I am thinking I would need the second (more complicated) solution.

Then again, nothing is ever as simple as I think it should be.

Thanks for the links,

-Grant

----- Original Message -----
From: "Dave Evans" <exim-users-20080324[at]djce.org.uk>
To: <exim-users[at]exim.org>
Sent: Tuesday, August 26, 2008 5:35 PM
Subject: Re: [exim] Greylist -Hosts sending from Multiple MX's.




chris.laif at googlemail

Aug 26, 2008, 11:10 PM

Re: Greylist -Hosts sending from Multiple MX's. [In reply to]

On Tue, Aug 26, 2008 at 11:17 PM, Grant Peel <gpeel[at]thenetnow.com> wrote:
> Hi all,
>
> A few months back, with a lot of help from this list, I implemented
> GREYLISTING (which is working well), with one exception:
>
> Some ISPs (mail hosting farms, spam scanning services, etc.) sometimes resend
> from a different MX each retry period, which, obviously, causes some serious
> email delays - today's, for example, was delayed about 8 hours.
>

We observe good results by using the combination of

${mask:$sender_host_address/24}
${lc:$sender_address_domain}
$local_part@$domain

as the primary key for greylisting lookup.

Of course this does not help if the sending hosts are distributed
across multiple C-class subnets.

Chris
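
How the choice of lookup key changes the outcome for a rotating sender, as an added simulation that is not part of the original message: the same retry sequence is replayed against the thread's original key (relay IP plus sender domain) and against the /24-masked key described above. The addresses, retry times and function names are constructed; the 14-day record expiry is ignored and only IPv4 is handled.

```python
import ipaddress


def exact_key(ip, sender, rcpt):
    """Key used by the original macros: relay IP + sender domain."""
    return (ip, sender.rsplit("@", 1)[1])


def subnet_key(ip, sender, rcpt, prefix=24):
    """Key from the post above: masked IP + lowercased sender domain + recipient."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(net), sender.rsplit("@", 1)[1].lower(), rcpt)


def simulate(attempts, key_fn, block_seconds=60):
    """Replay (time, ip, sender, rcpt) attempts; return the time of the
    first accepted delivery, or None if every attempt was deferred."""
    first_seen = {}
    for t, ip, sender, rcpt in attempts:
        key = key_fn(ip, sender, rcpt)
        if key not in first_seen:
            first_seen[key] = t            # new key: record it and defer
        elif t - first_seen[key] > block_seconds:
            return t                       # block period over: accept
        # otherwise still inside the block period: defer again
    return None


# Constructed retry sequences, one attempt every 30 minutes.
MSG = ("bounce@emailservice.com", "user@example.org")
SAME_SUBNET = [(0, "192.0.2.10", *MSG), (1800, "192.0.2.27", *MSG),
               (3600, "192.0.2.45", *MSG)]
SPREAD = [(0, "192.0.2.10", *MSG), (1800, "198.51.100.7", *MSG),
          (3600, "203.0.113.9", *MSG)]

if __name__ == "__main__":
    for name, seq in (("same /24", SAME_SUBNET), ("spread", SPREAD)):
        print(name, "exact:", simulate(seq, exact_key),
              "masked:", simulate(seq, subnet_key))
```

With the masked key the second attempt is accepted when all hosts share a /24; when the farm spans several /24 networks both keys keep deferring, which is the limitation noted in the post.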



hagen at rz

Aug 27, 2008, 1:55 AM

Re: Greylist -Hosts sending from Multiple MX's. [In reply to]

Grant Peel wrote:
> Hi all,
>
> A few months back, with a lot of help from this list, I implemented
> GREYLISTING (which is working well), with one exception:
>
> Some ISPs (mail hosting farms, spam scanning services, etc.) sometimes resend
> from a different MX each retry period, which, obviously, causes some serious
> email delays - today's, for example, was delayed about 8 hours.
>
> Question: Is there an expression we can add that will only look at the FQDN
> or change the FQDN (as opposed to the full MX name)?

As an alternative suggestion: the messages do come through, so you have
the sender-ips in your database with entries indicating that they passed
greylisting successfully. I consider it to be normal when using
greylisting, to analyse those ips that pass greylisting and to create
whitelists based on that analysis. E.g. an IP that again and again
passes shouldn't be subject to greylisting permanently.
So after some learning period, those ISPs should end up on your "do not
greylist" whitelist and the problem should disappear.

I suppose in your database setup you need a cronjob to tidy up anyway.
Such an extension shouldn't be too difficult, just something like "select
ip, count(*) from table group by ip;"

--
CU,
Patrick.
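
One way to turn the "select ip, count(*) ... group by ip" idea above into a whitelist report, as an added example that is not part of the original message. It uses an in-memory SQLite table as a stand-in for the thread's MySQL exim_greylist table and assumes that a row whose record_expires lies more than 14 days after create_time has been touched by GREYLIST_UPDATE, i.e. has passed greylisting at least once. The rows and the threshold are constructed.

```python
import sqlite3

# Constructed rows: (relay_ip, from_domain, create_time, record_expires).
SAMPLE_ROWS = [
    ("192.0.2.10", "example.com", "2008-08-01 10:00:00", "2008-08-29 09:00:00"),
    ("192.0.2.10", "example.org", "2008-08-03 12:00:00", "2008-09-02 08:30:00"),
    ("192.0.2.10", "example.net", "2008-08-05 07:00:00", "2008-09-01 11:15:00"),
    # Never retried: expiry is exactly create_time + 14 days.
    ("198.51.100.7", "example.com", "2008-08-10 09:00:00", "2008-08-24 09:00:00"),
    ("203.0.113.9", "example.org", "2008-08-11 09:00:00", "2008-09-05 10:00:00"),
]

# Count, per relay IP, the (ip, domain) records that were extended after
# creation, and keep IPs with at least the requested number of such records.
CANDIDATES_SQL = """
SELECT relay_ip, COUNT(*) AS passed
FROM exim_greylist
WHERE CAST(strftime('%s', record_expires) AS INTEGER)
    - CAST(strftime('%s', create_time) AS INTEGER) > 14 * 86400
GROUP BY relay_ip
HAVING COUNT(*) >= ?
ORDER BY passed DESC, relay_ip
"""


def whitelist_candidates(rows, min_passed=3):
    """Return [(relay_ip, passed_records)] for IPs worth reviewing."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE exim_greylist (relay_ip TEXT, from_domain TEXT, "
        "create_time TEXT, record_expires TEXT)"
    )
    db.executemany("INSERT INTO exim_greylist VALUES (?, ?, ?, ?)", rows)
    result = db.execute(CANDIDATES_SQL, (min_passed,)).fetchall()
    db.close()
    return result


if __name__ == "__main__":
    for ip, passed in whitelist_candidates(SAMPLE_ROWS):
        print(f"{ip}\t{passed} sender domains passed greylisting")
```

The output is a review list rather than an automatic whitelist: a host that retries correctly has shown only that it behaves like a real MTA.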
