[exim] Penalty Box Greylisting

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
Old-Topics: RE: [exim] Greylisting
Subject: [exim] Penalty Box Greylisting


Jan-Peter Koopmann wrote:

>Hi Marc,
>
>
>How? What ACL that you use has the same effect as greylisting?
>
>Regards,
> JP
>
>
>

I'm still experimenting but what I'm doing is trying to reduce server
loads without first penalizing good email.

So what I'm doing is after I get a spam from an email address I add that
email address to a text file and for the next hour I return temporary
errors for any mail coming from that email address. I do that with a
simple acl that does a lookup on that file. I also greylist from
addresses that fail the sender verify test (using the exim snapshot to
do this accurately) so that if I'm being hammered by a spammer - I don't
have to do continous sender verification of the same spammer. So after I
have an email address that fails to verify I add that to the list. The
next time they try the are in the list and get a temp error.

So - hw do I limit the time to an hour? It's crud and simple. I have a
cron job that empties the list every hour. Sweet - simple - and it works.

In addition to making a list of from addresses in the penalty box - I
also keep a list of offending hosts that I put in the penalty box. I do
the same theng. Either an ACL or a filter rule appends a file of IP
addresses - the list of IP addresses is used by an ACL to return
temporary failures to and host listed - and the list is emptied out
every hour.

The ones that make it in this list are spammers who sent a spam that was
addressed to 3 or more recitients. If the host is blacklisted in
spamhaus I add them thinking it take less time to search the list
locally than it does to keep hitting spamhaus over and over with the
same hosts.

I'm just experimenting with this now - but the good part is that if it
makes a mistake - it only delays the message for up to an hour. Every
hour all lists are cleared. And - it gets rid of the spammers who are
hammering my server.

--
Marc Perkel - marc@???

Spam Filter: http://www.junkemailfilter.com
    My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~