Re: [exim] Extremely Simple(?) greylisting with exim?

Author: Marc Perkel
Date:  
To: Chad Leigh
CC: exim users
Subject: Re: [exim] Extremely Simple(?) greylisting with exim?


Chad Leigh -- Shire.Net LLC wrote:
> On Dec 26, 2006, at 8:11 AM, Marc Perkel wrote:
>
>
>> Here's a really simple solution to simple greylisting. Define 3 MX
>> records. Point the lowest and highest to dead IP addresses. Only the
>> middle one works. It will delay normal email about 30 seconds to one
>> minute when the MTA times out on the lowest MX. Requires no coding
>> at all.
>>
>
> I am not sure I would do that for any server that hosts a wide
> variety of email accounts, since the number of people sending you
> mail who may have screwed up MTAs may catch you up in a customer
> feedback complaint loop.
>
> However, I did implement this partially based on other things Marc
> has said. I set up two low priority MX hosts that are virtual hosts
> on the same machine as the normal mailhost. These lower priority
> ones automatically defer everything that hits them. The highest
> priority MX is fully functional and sometimes there is a fully
> functional second highest, so these "defer everything" ones are
> either #2 and #3 or #3 and #4. I am not keeping statistics that show if
> attempts to contact these low priority MX hosts result in retries to
> the higher priority, but a cursory examination of the logs did not
> show anything like that, so it seems to be a good way to cheaply get
> rid of some zombie bot type spam attempts who attack lower priority
> MXs in the belief that defenses may be lower on them. I had a
> surprisingly high number of attempts to use these secondary MXs that
> defer considering the main mail server has been up 100% throughout
> this time (considering they are on the same HW, it is a good chance
> it will always be up when the secondaries are up barring some SW
> issues).
>
> I do greylisting using Marc Merlin's sa-exim with his greylisting
> module added. The load on my backend SA server has gone down as well
> so this secondary MX thing seems to be OK so far. No customers are
> complaining about missing mail.
>
>
>


I've been doing that trick on the high numbered MX for 3 years and it
works. What I'm testing now is doing the same thing on the lowest MX and
it seems to be working. but ....

To make it qmail compatible you have to have port 25 closed on the
lowest numbered MX. Doing a DEFER will cause qmail to retry the lowest
MX forever.

Because you have to close port 25 it will delay all email about 1 minute.
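
The MX layouts discussed in this thread, as a toy model. This is an added example, not part of the original messages. The sender behaviours are assumptions taken from what the posts describe, and the preference numbers and the names `attempt` and `summary` are constructed for illustration.

```python
# Added illustration: a toy model of the MX layouts discussed in this thread.
# Sender behaviours are assumptions taken from the posts, not measured data.

CLOSED, DEFER, ACCEPT = "closed", "defer", "accept"

def attempt(mx_list, sender, max_rounds=5):
    """Return (delivered, rounds_used, hosts_contacted) for one message.

    mx_list: list of (preference, behaviour); lower preference is tried first.
    sender:  "standard"   - walks MXs in order, moves on after any failure
             "qmail_like" - moves on after a failed connect, but after a 4xx
                            it requeues and starts again at the lowest MX
             "bot"        - one shot at the highest-numbered MX, no retry
    """
    ordered = sorted(mx_list)
    contacted = []
    if sender == "bot":
        pref, behaviour = ordered[-1]
        contacted.append(pref)
        return behaviour == ACCEPT, 1, contacted
    for round_no in range(1, max_rounds + 1):
        for pref, behaviour in ordered:
            contacted.append(pref)
            if behaviour == ACCEPT:
                return True, round_no, contacted
            if behaviour == DEFER and sender == "qmail_like":
                break  # requeue; next round starts at the lowest MX again
            # CLOSED (or DEFER for a standard sender): try the next MX
    return False, max_rounds, contacted

# Constructed layouts: preference numbers are arbitrary sample values.
DEAD_LOW_HIGH = [(10, CLOSED), (20, ACCEPT), (30, CLOSED)]  # dead lowest and highest
DEFER_LOW = [(10, DEFER), (20, ACCEPT), (30, DEFER)]        # DEFER on the lowest MX
DEFER_HIGH = [(10, ACCEPT), (20, DEFER), (30, DEFER)]       # defer-only secondaries

def summary(layout):
    """Map each modelled sender type to whether its message gets delivered."""
    return {s: attempt(layout, s)[0] for s in ("standard", "qmail_like", "bot")}

if __name__ == "__main__":
    for name, layout in [("dead low+high", DEAD_LOW_HIGH),
                         ("defer low", DEFER_LOW),
                         ("defer high", DEFER_HIGH)]:
        print(name, summary(layout))
```

In this model only the closed-port variant of the lowest MX lets the qmail-like sender reach the working middle host; with a DEFER there it keeps returning to the lowest MX.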