Re: [exim] exim + greylisting

Author: keith
Date:  
To: exim-users
Subject: Re: [exim] exim + greylisting
> > >
> > > Why do you need the MySQL backend?
> > >
> > Not necessarily need it, but it is what I am more familiar with, then
> > could you suggest another greylisting solution?
>
> Yes, I played a bit with exim+perl and now we're using this:
>
>     http://www.schlittermann.de/doc/grey

>
> It uses Berkeley-DB-Files (from Perl's 'DB_File'). As long as you do not
> need to share your greylist-DB with somebody else it should be ok.
>


I've been using emserver for the last few months, with very good results.

http://www.seacon.co.uk/software/emserver.html

I've made a few changes to the code to support an extra option, which you
may or may not want on your system. It works for me, but may not be any good
for someone else...

The change is implementing a sort of rolling blacklist. We get a lot of spam
targeting particular usernames that do not exist (and never have done, and
never will) yet have been consistently targeted for over a year. There is a
list of these addresses (not many, less than 10) and if something comes in
addressed to one of these it is rejected, but the details (sending email and
IP) are added to the rolling blacklist.

Entries on the rolling blacklist are deleted a couple of hours after they
are added, but they are self-propagating in that if another email comes in
that is from either an email or IP that is on this blacklist, then this new
email is also rejected and the sending email address and IP are added back into
the blacklist at that point. This has proved very effective for me, and is
easy to maintain (it basically looks after itself). It keeps track of those
changing their originating email address but staying on the same IP, and
even some botnets that use the same originating address but send from a
different IP.

As mentioned, this approach may not be of any use to you - everyone's
requirements are different, but it works for me.

This rolling blacklist, coupled with the greylisting and SpamAssassin, has
almost completely eliminated our spam problem, though I'm now preparing for
a deluge of spam after making that claim... ;-)

Regards,
Keith.
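
The rolling blacklist described in the message above, sketched as an added Python example; it is not emserver's code and not the poster's patch. The class and method names, the exact two-hour lifetime, and the choice never to list the empty envelope sender are assumptions, and the addresses in `demo()` are constructed.

```python
import time

TTL_SECONDS = 2 * 60 * 60  # "a couple of hours"; the exact value is an assumption


class RollingBlacklist:
    """Trap-address blacklist whose entries expire unless a new hit renews them."""

    def __init__(self, trap_recipients, ttl=TTL_SECONDS, clock=time.time):
        self.traps = {r.lower() for r in trap_recipients}
        self.ttl = ttl
        self.clock = clock
        self.expiry = {}  # ("sender", addr) or ("ip", addr) -> expiry timestamp

    def _purge(self, now):
        for key in [k for k, exp in self.expiry.items() if exp <= now]:
            del self.expiry[key]

    def _list(self, sender, ip, now):
        if sender:  # assumption: never list the null sender used by bounces
            self.expiry[("sender", sender)] = now + self.ttl
        self.expiry[("ip", ip)] = now + self.ttl

    def check(self, sender, ip, recipient):
        """Return 'reject' or 'accept' for one recipient, updating the list."""
        now = self.clock()
        sender = sender.lower()
        self._purge(now)
        hit_trap = recipient.lower() in self.traps
        hit_list = ("sender", sender) in self.expiry or ("ip", ip) in self.expiry
        if hit_trap or hit_list:
            # Both the sender and the IP are (re)listed, so a hit on either
            # one pulls the other onto the list as well.
            self._list(sender, ip, now)
            return "reject"
        return "accept"


def demo():
    """Constructed traffic: trap hit, same IP, same sender on a new IP, expiry."""
    t = [0]
    bl = RollingBlacklist(["ghost@example.org"], clock=lambda: t[0])
    out = [bl.check("a@spam.example", "192.0.2.10", "ghost@example.org")]
    t[0] = 3600
    out.append(bl.check("b@spam.example", "192.0.2.10", "real@example.org"))
    t[0] = 10600
    out.append(bl.check("b@spam.example", "198.51.100.7", "real@example.org"))
    t[0] = 17800
    out.append(bl.check("b@spam.example", "198.51.100.7", "real@example.org"))
    return out
```

Because every hit renews both keys, a listed sender or IP ages out only after a full lifetime with no matching traffic, which is also why a forged sender address can keep a legitimate address listed for as long as the forgeries continue.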