You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rick Macdougall <ri...@ummm-beer.com> on 2006/11/20 23:49:27 UTC
Re: Greylisting
Vahric MUHTARYAN wrote:
> Hello Everybody,
>
> I'm using SA for a long time without any problem, nowadays spammers are using too much graphical objects and they are tring to change it day by day. I'm tring to use fuzzyocr but it's taking too much cpu. I think that try greylisting . I wonder are there anybody use greylisting ? Somebody can give me feedback ?
>
Hi,
I use it with great success (300-400 spams a day dropped to 2-3 a week)
using qmail.
You WILL have to add some IP's to a white list to not block braindead
exchange (older versions) and Groupwise (lotus notes) servers that
bounce on a 421 - Please try again later, instead of trying again later.
Since it's not really an SA question, you might be better off asking on
your MTA's mailing list.
Regards,
Rick
Re: Greylisting
Posted by Rick Macdougall <ri...@ummm-beer.com>.
Vahric MUHTARYAN wrote:
> Hello,
>
> Do you come across with any problem from your clients for mails are not
> arriving at right time ? Because I afraid of people mta's all of them
> are configured with different retry times .
Hi,
We whitelist the major providers and people like Yahoo and Gmail, etc.
We have our retry delay limit set at 1 minute, so most normal servers
will retry at a maximum of 15 minutes and be successful.
Like someone else mentioned, there are a lot of brain dead servers out
there and I have seen a server retry 8 hours later.
I've never seen anything greater than 8 hours though and once it does go
through, that tuple is whitelisted for 45 days (with my setup anyways).
Regards,
Rick
Re: Greylisting - branching further off topic
Posted by Matt Hampton <ma...@coders.co.uk>.
Benny Pedersen wrote:
> On Tue, November 21, 2006 00:23, Michele Neylon :: Blacknight wrote:
>> Dylan Bouterse wrote:
>>> Do you have a compiled list of those IPs? And what method are you using
>>> to whitelist? Email offlist if more appropriate. Thanks!
>> We whitelist the main Irish ISPs, so our list wouldn't be of much use to
>> you unless you were in Ireland :)
>
> i do the same exatly here, just for danmark, no isp should imho be greylisted
>
> i solved it by using marbl, search for this postfix policy on google
>
> that means greylist if connecting ip is listed on a rbl list, it works nice here
>
> olso whitelist ips that typical send forwarded mails, important if you have
> spf test in mta level
>
I am running a small test "real time whitelist" (RWL) suitable for for
this. It currently has those addresses that milter-greylist provides
(plus a few others) and I intended to open this up for people to test.
I am looking for some comments on a policy to add IP addresses to the
list. If anyone has any suggests please email me off list.
Also if anyone is interested in a patched version of smf-grey which
supports RBLs and RWLs then please let me no - again off list
regards
Matt
Re: Greylisting
Posted by Benny Pedersen <me...@junc.org>.
On Tue, November 21, 2006 00:23, Michele Neylon :: Blacknight wrote:
> Dylan Bouterse wrote:
>> Do you have a compiled list of those IPs? And what method are you using
>> to whitelist? Email offlist if more appropriate. Thanks!
> We whitelist the main Irish ISPs, so our list wouldn't be of much use to
> you unless you were in Ireland :)
i do the same exatly here, just for danmark, no isp should imho be greylisted
i solved it by using marbl, search for this postfix policy on google
that means greylist if connecting ip is listed on a rbl list, it works nice here
olso whitelist ips that typical send forwarded mails, important if you have
spf test in mta level
--
This message was sent using 100% recycled spam mails.
Re: Greylisting
Posted by "Michele Neylon :: Blacknight" <mi...@blacknight.ie>.
Dylan Bouterse wrote:
> Do you have a compiled list of those IPs? And what method are you using
> to whitelist? Email offlist if more appropriate. Thanks!
>
We whitelist the main Irish ISPs, so our list wouldn't be of much use to
you unless you were in Ireland :)
--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
UK: 0870 163 0607
Fax. +353 (0) 59 9164239
Re: Greylisting
Posted by Leander Koornneef <l....@ic-s.nl>.
On 21-nov-2006, at 0:21, Dylan Bouterse wrote:
> Do you have a compiled list of those IPs? And what method are you
> using
> to whitelist? Email offlist if more appropriate. Thanks!
>
Postgrey, for instance, comes with its own whitelist. I presume most
greylisting software does?
Leander
>
>> -----Original Message-----
>> From: Michele Neylon :: Blacknight [mailto:michele@blacknight.ie]
>> Sent: Monday, November 20, 2006 6:01 PM
>> To: users@spamassassin.apache.org
>> Subject: Re: Greylisting
>>
>> Vahric MUHTARYAN wrote:
>>> Hello,
>>>
>>> Do you come across with any problem from your clients for mails are
> not
>>> arriving at right time ? Because I afraid of people mta's all of
> them
>>> are configured with different retry times .
>>>
>>
>> We whitelist the main ISPs SMTPs to avoid this issue
RE: Greylisting
Posted by Dylan Bouterse <dy...@corp.power1.com>.
Do you have a compiled list of those IPs? And what method are you using
to whitelist? Email offlist if more appropriate. Thanks!
Dylan
> -----Original Message-----
> From: Michele Neylon :: Blacknight [mailto:michele@blacknight.ie]
> Sent: Monday, November 20, 2006 6:01 PM
> To: users@spamassassin.apache.org
> Subject: Re: Greylisting
>
> Vahric MUHTARYAN wrote:
> > Hello,
> >
> > Do you come across with any problem from your clients for mails are
not
> > arriving at right time ? Because I afraid of people mta's all of
them
> > are configured with different retry times .
> >
>
> We whitelist the main ISPs SMTPs to avoid this issue
>
>
> --
> Mr Michele Neylon
> Blacknight Solutions
> Hosting & Colocation, Brand Protection
> http://www.blacknight.ie/
> http://blog.blacknight.ie/
> Tel. 1850 927 280
> Intl. +353 (0) 59 9183072
> UK: 0870 163 0607
> Fax. +353 (0) 59 9164239
Re: Greylisting
Posted by "Michele Neylon :: Blacknight" <mi...@blacknight.ie>.
Vahric MUHTARYAN wrote:
> Hello,
>
> Do you come across with any problem from your clients for mails are not
> arriving at right time ? Because I afraid of people mta's all of them
> are configured with different retry times .
>
We whitelist the main ISPs SMTPs to avoid this issue
--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.ie/
http://blog.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
UK: 0870 163 0607
Fax. +353 (0) 59 9164239
Re: Greylisting
Posted by Philip Prindeville <ph...@redfish-solutions.com>.
John D. Hardin wrote:
>On Tue, 21 Nov 2006, Vahric MUHTARYAN wrote:
>
>
>
>>Do you come across with any problem from your clients for mails are not
>>arriving at right time ? Because I afraid of people mta's all of them are
>>configured with different retry times .
>>
>>
>
>Whitelist your clients' known MTA IP addresses.
>
>Greylisting is supposed to throttle connections from J. Random MTA,
>not sites with whom you are regularly exchanging legitimate email.
>
>
But that's the point, isn't it?
Graylisting needs to both pay attention to whom you've
received email from in the past, and track outgoing email
and automatically add the recipients on outgoing email
to your graylist.
Now, are you graylisting based on the remote end's
IP address? Or on the mail from:?
Because the former seems to be more reliable, but at the
same time more work: you need to look at the outgoing
email's domain, then try to figure out who their MX'ers
and SPF'ers are. Of course, if they use different hosts
for incoming and outgoing mail, then this falls on its
face...
Which a lot of large companies do: Cisco, Albertsons...
-Philip
Re: Greylisting
Posted by "John D. Hardin" <jh...@impsec.org>.
On Tue, 21 Nov 2006, Vahric MUHTARYAN wrote:
> Do you come across with any problem from your clients for mails are not
> arriving at right time ? Because I afraid of people mta's all of them are
> configured with different retry times .
Whitelist your clients' known MTA IP addresses.
Greylisting is supposed to throttle connections from J. Random MTA,
not sites with whom you are regularly exchanging legitimate email.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A sword is never a killer, it is but a tool in the killer's hands.
-- Lucius Annaeus Seneca (Martial) 4BC-65AD
-----------------------------------------------------------------------
Re: Greylisting
Posted by Vahric MUHTARYAN <va...@doruk.net.tr>.
Hello,
Do you come across with any problem from your clients for mails are not
arriving at right time ? Because I afraid of people mta's all of them are
configured with different retry times .
Regards
Vahric
----- Original Message -----
From: "Rick Macdougall" <ri...@ummm-beer.com>
To: <us...@spamassassin.apache.org>
Sent: Tuesday, November 21, 2006 12:49 AM
Subject: Re: Greylisting
> Vahric MUHTARYAN wrote:
>> Hello Everybody, I'm using SA for a long time without any problem,
>> nowadays spammers are using too much graphical objects and they are tring
>> to change it day by day. I'm tring to use fuzzyocr but it's taking too
>> much cpu. I think that try greylisting . I wonder are there anybody use
>> greylisting ? Somebody can give me feedback ?
>
> Hi,
>
> I use it with great success (300-400 spams a day dropped to 2-3 a week)
> using qmail.
>
> You WILL have to add some IP's to a white list to not block braindead
> exchange (older versions) and Groupwise (lotus notes) servers that bounce
> on a 421 - Please try again later, instead of trying again later.
>
> Since it's not really an SA question, you might be better off asking on
> your MTA's mailing list.
>
> Regards,
>
> Rick
>
Re: OT sendmail mailing list - WAS:Re: Greylisting
Posted by Jerry K <sp...@oryx.cc>.
Thanks to everyone for your replies.
I was pretty sure that there were no sendmail mailing list, but I wanted
to check again after Rick's comments (below).
Jerry
Jerry Kemp wrote:
> Can anyone suggest a 'sendmail' mailing list?
>
> I am aware of NNTP comp.mail.sendmail Usenet news.
>
> Thanks,
>
> Jerry
>
>
> Rick Macdougall wrote:
>> Vahric MUHTARYAN wrote:
>>> Hello Everybody,
>>> I'm using SA for a long time without any problem, nowadays
>>> spammers are using too much graphical objects and they are tring to
>>> change it day by day. I'm tring to use fuzzyocr but it's taking too
>>> much cpu. I think that try greylisting . I wonder are there anybody
>>> use greylisting ? Somebody can give me feedback ?
>>
>> Hi,
>>
>> I use it with great success (300-400 spams a day dropped to 2-3 a
>> week) using qmail.
>>
>> You WILL have to add some IP's to a white list to not block braindead
>> exchange (older versions) and Groupwise (lotus notes) servers that
>> bounce on a 421 - Please try again later, instead of trying again later.
>>
>> Since it's not really an SA question, you might be better off asking
>> on your MTA's mailing list.
>>
>> Regards,
>>
>> Rick
OT sendmail mailing list - WAS:Re: Greylisting
Posted by Jerry Kemp <sp...@oryx.cc>.
Can anyone suggest a 'sendmail' mailing list?
I am aware of NNTP comp.mail.sendmail Usenet news.
Thanks,
Jerry
Rick Macdougall wrote:
> Vahric MUHTARYAN wrote:
>> Hello Everybody,
>> I'm using SA for a long time without any problem, nowadays
>> spammers are using too much graphical objects and they are tring to
>> change it day by day. I'm tring to use fuzzyocr but it's taking too
>> much cpu. I think that try greylisting . I wonder are there anybody
>> use greylisting ? Somebody can give me feedback ?
>
> Hi,
>
> I use it with great success (300-400 spams a day dropped to 2-3 a week)
> using qmail.
>
> You WILL have to add some IP's to a white list to not block braindead
> exchange (older versions) and Groupwise (lotus notes) servers that
> bounce on a 421 - Please try again later, instead of trying again later.
>
> Since it's not really an SA question, you might be better off asking on
> your MTA's mailing list.
>
> Regards,
>
> Rick