RE: [exim] Penalty Box Greylisting

Top Pagina
Delete this message
Reply to this message
Auteur: Jan-Peter Koopmann
Datum:  
Aan: Marc Perkel, exim-users
CC: 
Onderwerp: RE: [exim] Penalty Box Greylisting
Hi Marc,

> So what I'm doing is after I get a spam from an email address
> I add that email address to a text file and for the next hour
> I return temporary errors for any mail coming from that email
> address.


I can see how this might help a bit but that's not greylisting is it? Greylisting should prevent the initial spam coming in. Your method depends on letting spam come through, identifiy/tag it and then deny further e-mails from that address for the next hour. Personally I rarely see spam coming in from the same e-mail or IP addresses. Does this really help?

> that file. I also greylist from addresses that fail the
> sender verify test (using the exim snapshot to do this
> accurately) so that if I'm being hammered by a spammer - I
> don't have to do continous sender verification of the same
> spammer.


I thought exim is caching callouts and sender verification in which case being hammered by a single spammer would not bother you in that respect.

> So after I have an email address that fails to
> verify I add that to the list. The next time they try the are
> in the list and get a temp error.


Are we talking sender verify or callout?

> I'm just experimenting with this now - but the good part is
> that if it makes a mistake - it only delays the message for
> up to an hour. Every hour all lists are cleared. And - it
> gets rid of the spammers who are hammering my server.


I do not like using greylisting for all mails since it takes too long for the initial mail to come through. If a stupid postmaster only retries every 30 or 60 minutes, the first message of a new customer etc. takes more than one hour to reach me. Currently we are delaying the SMTP protocol if something is fishy about the mail (like sender callout, HELO checks, IP in one of the usual blacklists). This and enforcing SMTP sync helps a lot. I am thinking about adding greylisting in its classical form but only for those fishy mails and only for 10-14 minutes (assuming most MTAs are defaulting to 15 minute retrys).


Regards,
JP