Re: [exim] Still a noob, but slowly improving. Greylisting …

Author: John W. Baxter
Date:  
To: exim-users
Subject: Re: [exim] Still a noob, but slowly improving. Greylisting with SMTP AUTH.
On one of the "customer-facing" IPs, no authentication, no send.

On the other, no authentication, OK to send from specific IP ranges where
our customers are. Not OK without authentication from elsewhere.

On either, port 587 requires authentication.

We'd like to move everyone to authentication, but there are old mail clients
around and old machines which can't use new ones. [For instance, it would
take a patch to Exim (which we think we know how to write, but haven't) to
get Outlook Express for Macintosh to authenticate: Exim and OE for Mac
agree on an authentication method, then the client uses something else.]

Our from-customer mail is not greylisted (that instance of Exim knows
nothing about greylisting). It hasn't been an issue.

--John
[I don't need a CC...one copy of the message is plenty.]

On 5/17/05 1:40 PM, "Jaye Mathisen" <mrcpu@???> wrote:

> Sure, but that really is beside the point.
>
> If you have a server that is publicly available that uses SMTP-AUTH,
> then for spammers that connect to it directly, are they disco'd, because they
> didn't use smtp-auth, so greylisting doesn't become an issue?
>
> And if it doesn't, then for your normal user that connects, authenticates, is
> the greylisting process bypassed?
>
> It could be there's something I don't understand in this whole picture, which
> certainly wouldn't be the first time.
>
> On Tue, May 17, 2005 at 01:59:33PM -0700, John W. Baxter wrote:
>> Depends on what host name they try to connect to. The two most obvious ones
>> don't run mail servers (and one of those is blocked for incoming port 25 at
>> the firewall). The firewall keeps many of the others isolated from port 25
>> connections from the world.
>>
>> --John
>>
>>
>> On 5/17/05 1:05 PM, "Jaye Mathisen" <mrcpu@???> wrote:
>>
>>> I can see this, but what about hosts that ignore MX records and
>>> just connect direct?
>>>
>>>
>>> On Tue, May 17, 2005 at 01:26:37PM -0700, John W. Baxter wrote:
>>>> On 5/17/05 12:53 PM, "Jaye Mathisen" <mrcpu@???> wrote:
>>>>
>>>>> I've been reading on greylisting, and thinking about integrating
>>>>> it.
>>>>>
>>>>> However, one question sticks in my head, if you authenticate a user via
>>>>> some SMTP-AUTH method, then is grey-listing bypassed?
>>>> Not an issue here, as the Exim instances that customers talk to are
>>>> separate from the MX that the world talks to.
>>>>
>>>>>
>>>>> I was also thinking about going to really short intervals. Like 5
>>>>> minutes.
>>>>
>>>> We use a Python daemon we wrote here (which tracks using a MySQL database).
>>>> Exim gets a simple ACCEPT or DEFER back from the daemon, and acts
>>>> accordingly. (Mostly at RCPT TO: time, but we defer the <> sender and some
>>>> others to DATA time for greylisting (to avoid issues with those doing
>>>> callbacks), and we have whitelisting in a database with fairly fine-grained
>>>> control (not quite fine enough, unfortunately)).
>>>>
>>>> Keeps a lot of messages out of our system (including the new Sober), and
>>>> the drivel that the machines infected with the new Sober are now spewing out.
>>>>
>>>> A process runs every 5 minutes to clean up the database.
>>>>
>>>> The separate daemon is much easier than trying to make Exim make the
>>>> decisions.
>>>>
>>>> --John
>>>>
>>>>
>>>>
>>>> --
>>>> ## List details at http://www.exim.org/mailman/listinfo/exim-users
>>>> ## Exim details at http://www.exim.org/
>>>> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>>>>
>>>>
>>>>
>>>>
>>
>>
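
The thread describes an external daemon that answers ACCEPT or DEFER and asks whether SMTP AUTH should bypass greylisting. The sketch below is an added example, not the daemon from the thread: the class name, table layout, delay and expiry values are assumptions, and an in-memory SQLite database stands in for MySQL.

```python
import sqlite3

MIN_DELAY = 5 * 60        # assumed: a retry counts only after 5 minutes
PENDING_TTL = 4 * 3600    # assumed: never-retried triplets expire after 4 hours

class Greylist:
    """Hypothetical greylisting decision core keyed on (ip, sender, rcpt)."""

    def __init__(self, whitelist_ips=()):
        # In-memory SQLite stands in for the MySQL database in the thread.
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE seen (ip TEXT, sender TEXT, rcpt TEXT,"
            " first_seen INTEGER, passed INTEGER DEFAULT 0,"
            " PRIMARY KEY (ip, sender, rcpt))")
        self.whitelist = set(whitelist_ips)

    def check(self, ip, sender, rcpt, now, authenticated=False):
        """Return 'ACCEPT' or 'DEFER' for one RCPT TO."""
        # Authenticated submissions and whitelisted hosts skip greylisting,
        # so legitimate users never see a temporary rejection.
        if authenticated or ip in self.whitelist:
            return "ACCEPT"
        key = (ip, sender.lower(), rcpt.lower())
        row = self.db.execute(
            "SELECT first_seen, passed FROM seen"
            " WHERE ip=? AND sender=? AND rcpt=?", key).fetchone()
        if row is None:
            # First sighting: record the triplet and ask the sender to retry.
            self.db.execute(
                "INSERT INTO seen (ip, sender, rcpt, first_seen)"
                " VALUES (?,?,?,?)", key + (now,))
            return "DEFER"
        first_seen, passed = row
        if passed:
            return "ACCEPT"
        if now - first_seen < MIN_DELAY:
            return "DEFER"      # retried too quickly to count
        self.db.execute(
            "UPDATE seen SET passed=1 WHERE ip=? AND sender=? AND rcpt=?", key)
        return "ACCEPT"

    def cleanup(self, now):
        """Purge triplets that never retried; returns the number removed."""
        cur = self.db.execute(
            "DELETE FROM seen WHERE passed=0 AND first_seen < ?",
            (now - PENDING_TTL,))
        return cur.rowcount
```

Timestamps are passed in as integers so the decision logic can be exercised without waiting; a periodic job would call `cleanup` with the current time.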