Re: [exim] net-search

Author: Mike Cardwell
Date:  
To: Exim Mailing List
Subject: Re: [exim] net-search
Todd Lyons wrote:

>> The list is updated every 5 minutes based on Spamassassin scores. Any
>> servers that score less than zero are added but removed if they send a
>> message that scores over 5. Entries are only kept if they have been active
>> in the last 28 days.
>>
>> Cannot believe how effective greylisting has been in reducing volume of
>> email.
>
> I wish that we could enable it globally. Lots of our customers nearly
> revolted when we tried to turn it on a couple years ago.
>
> I am going to work on making it a per mailbox option or a per domain
> option. Additionally, I want to make it so that any sender who is in
> a user address book will automatically be excluded from greylisting.
> Any of these will allow those who don't mind the delay to reap the
> benefits, while those who can't stand the fact that "my grandmother
> sent me an email 30 seconds ago and I still don't see it" won't have
> to talk to us. The combination of these items will make the system
> very malleable to the users' wants. Caveat: time permitting....


I'm not doing greylisting at the moment, but when I did do it, I came up
with a few configuration options to minimise when it took place. I
didn't want the greylisting to happen if the connecting host wasn't a
zombie so I came up with logic to detect non-zombies.

Don't greylist if one of these occurs:

1.) Zombies don't use encryption.
2.) If P0F detects the connecting host to be non-Windows (Used P0F for this)
3.) Zombies don't use the "SIZE" extension of ESMTP. So you check the
value of $smtp_command in the mail acl, ie:
${if match{$smtp_command}{\N (SIZE=\d+)$\N}}

I'm sure there were another couple of cases, but I haven't got the
config to hand anymore.

I also maintained a small whitelist of $sender_host_name values so I
didn't end up greylisting stuff like hotmail and facebook. Eg, my file
would contain stuff like:

*.hotmail.com
*.tfbnw.net

And I'd search it using:

${lookup{$sender_host_name}partial-lsearch{/path/to/whitelist}{true}{false}}

--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
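
The exemption checks described in the message above, modelled in Python as an added example (this is not Mike Cardwell's Exim configuration). The function and parameter names are hypothetical, the inputs are constructed, treating an empty p0f result as "no exemption" is an assumption, and the key order in `partial_keys` follows Exim's documented default for partial lookups (at least two non-wildcard components).

```python
import re

# Constructed whitelist holding the two patterns quoted in the message.
WHITELIST = {"*.hotmail.com", "*.tfbnw.net"}

# Same regex as the message's $smtp_command test (leading space included).
SIZE_RE = re.compile(r" (SIZE=\d+)$")


def partial_keys(host, min_components=2):
    """Keys a partial-lsearch tries, in order, for one host name."""
    host = host.lower()              # lsearch keys match case-insensitively
    keys = [host, "*." + host]
    labels = host.split(".")
    while len(labels) > min_components:
        labels = labels[1:]          # drop the leftmost component
        keys.append("*." + ".".join(labels))
    return keys


def whitelisted(host, entries=WHITELIST):
    # An empty name means the reverse lookup gave nothing usable.
    return bool(host) and any(k in entries for k in partial_keys(host))


def skip_greylisting(tls_cipher, os_guess, mail_command, host_name):
    """Return the reasons a connection is exempt; an empty list means greylist it."""
    reasons = []
    if tls_cipher:                                        # check 1: session is encrypted
        reasons.append("tls")
    if os_guess and "windows" not in os_guess.lower():    # check 2: p0f says non-Windows
        reasons.append("non-windows")
    if SIZE_RE.search(mail_command):                      # check 3: SIZE= ends the MAIL command
        reasons.append("size")
    if whitelisted(host_name):                            # host name whitelist
        reasons.append("whitelist")
    return reasons
```

Because the wildcard key always starts with `*.`, a name such as `evilhotmail.com` never matches `*.hotmail.com`, while the bare `hotmail.com` does, since the second key tried is `*.` plus the full name.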