Re: [Exim] Greylisting + multiple MX hosts -> multiple attem…

Inizio della pagina
Delete this message
Reply to this message
Autore: Alun
Data:  
To: Alan J. Flavell
CC: Exim users list
Nuovi argomenti: Re: [Exim] Greylisting -> only for not known spam or ham
Oggetto: Re: [Exim] Greylisting + multiple MX hosts -> multiple attempts
"Alan J. Flavell" (a.flavell@???) said, in message
    <Pine.LNX.4.53.0403221710220.26041@???>:

>
> Earlier today, I spotted a target host using greylisting on us
> (hello, Aber, this means you ;-)


Hello!

> The answer was that their MX entry pointed to three IP addresses, and
> as the retry time came around, we were making three retries in rapid
> succession to them. As Chris E said to me, this is in fact correct
> behaviour in response to a 4xx status; it just so happens that - in
> the case of greylisting - the repeat attempts are a rather pointless
> activity.


Indeed.

When I first knocked together greylisting here, I was using DBM files,
one on each server, to store the retry information. I was also using
the IP address as part of the key, as recommended at puremagic.com.
This bit us quite quickly because hosts with multiple outbound servers,
hitting our independent databases, could get greylisted almost
indefinitely.

I'm now using ${readsocket{... in the recipient ACL to drop the
sender/recipient/IP info into a perl script which talks to a
centralised MySQL database. The system doesn't use the IP address
as part of the key, and fails safe to allows mail
through if it can't get any answer back from the socket.

warn    set acl_m1 = ${readsocket{/var/run/exim_sockd.sock}{GREYLIST
${lc:$sender_address} ${lc:$local_part@$domain} $sender_host_address}{3s}{\n}{0
}}
defer domains = +local_domains
          hosts = !+relay_hosts
          recipients = !postmaster@???
          recipients = !notspam@???
          condition = ${if eq {$acl_m1}{0}{0}{1}}
          message = Greylisted for ${if >{$acl_m1}{119}{${eval:$acl_m1/60}
minutes}{$acl_m1 seconds}} more.


We've been running with greylisting in this form since mid September
and we've had less than 20 complaints about failed legitimate mail (all
due to bizarre retry behaviour at the other end or ancient, broken MTAs).
I estimate it's dropped the amount of spam we receive by 85-90%.

My greylisting perl module is available for perusal at

http://users.aber.ac.uk/auj/Greylist.pm.txt

Cheers,
Alun.

--
/P{def}def/E{curveto}P/N{moveto}P/G{lineto}P/U{setgray}P/I{fill}P/n{stroke}P
(2V<;;F<K5F5=8<5K-/3/6//C3?/367/W/O6/-0+3'//K3?/3:[0[/WB>>H<W6/;/C///1W'T1Q)
6 6 scale .2 setlinewidth 1 .7 0 setrgbcolor{}forall N G G I 0 U N E E E E E
I 1 U N E E E gsave I grestore 0 U n .3 U N E E n 1 0 360 arc I showpage%auj