Autor: Marc Perkel Data: A: Peter Bowyer CC: exim users Assumpte: Re: [exim] Greylisting - how do you implement?
Peter Bowyer wrote: > On 08/07/07, Renaud Allard <renaud@???> wrote:
>
>> Martin A. Brooks wrote:
>>
>>> Marc Perkel wrote:
>>>
>>>> I have a reall simple way to do it. And I'm using it on several hundred
>>>> domains and it works. Suppose you have 1 MX record. Add 2 more dummies.
>>>>
>>>> dummy1.example.com 10
>>>> real.example.com 20
>>>> dummy2.example.com 30
>>>>
>>>> Gets rid of almost all your bot spam and is far faster and easier than
>>>> greylisting.
>>>>
>>> Derrick asks about greylisting. You, effectively, give him advice about
>>> making strawberry cheese cake
>>>
>> I don't totally agree. The solution Mark Perkel explained is about the
>> same in effect as greylisting but is much more simple to implement.
>> The drawbacks of his solution are:
>> -you cannot whitelist
>> -you cannot control the minimum retry time
>> -you must have more than one IP
>> The good point is:
>> -extremely simple to implement
>> -very lightweight
>>
>
> My big worry about this is that you're completely dependent on the
> behaviour of the other MTA - you've no logging, nothing to tweak,
> can't whitelist, just have to trust that the people sending you wanted
> mail are going to do the 'right thing'. That alone has kept me from
> trying it.
>
> Peter
>
It doesn't require special whitelisting although you could if you wanted
to. If the dead IP which is the lowest MX were dead to everyone except a
white list that you would set with iptables then you could whitelist.
But it's not really necessary. And technically you don't have to have 3
IP addresses. All you have to do is point the bogus MX records to any IP
with port 25 closed.
Why you'll notice is that 90% of your bot net spam goes away. I'm doing
it and it works.