RE: [exim] Penalty Box Greylisting

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jan-Peter Koopmann
Date:  
À: Marc Perkel, exim-users
CC: 
Sujet: RE: [exim] Penalty Box Greylisting
Hi Marc,

> I see spams comming from the same place a lot. Sometimes they
> continuously hammer me with dictionary attacks. That's what
> I'm trying to eliminate.


I see. Agreed, in that case this helps.

> Unless I'm doing something wrong - there doesn't seem to be
> any caching of callouts. At least not on a global basis. This
> essentially creates caching of sender verify callouts.


Have a look at the exim docs chapter 38.23. "Callout caching".

"Exim caches the results of callouts in order to reduce the amount of resources used, unless you specify the no_cache parameter with the callout option. A hints database called "callout" is used for the cache. Two different record types are used: one records the result of a callout check for a specific address, and the other records information that applies to the entire domain (for example, that it accepts the local part postmaster)." etc.

> Yes - sender verify callout. I fugure that if a sender verify
> fails - with will probably fail again 15 seconds later.


Sure it will.

> I'm
> trying to avoid pissing off innocent hosts with a stream of
> sender verify callouts. If the sender verify fails - it is
> remembered for up to an hour.


There is legitimate mail though which comes from mail accounts that fail sender callouts. Often big companies tend to be dumb enough to use addresses for invoices, marketing mail etc. that are not reachable. You might defer or even loose such mail if you put those mails in the penalty box "just" because sender callout fails.

> This is mostly to prevent hosts that hammer me and to prevent
> repeated callouts for the same sender.


Again: For repeated callouts for the same sender look at callout caching. It should do what you want and if it does you should not reinvent the wheel.

Regards,
JP