[Mimedefang] Greylisting
netguy
netguy at sound-networking.com
Thu Dec 15 10:45:22 EST 2005
Hi All, Brian
Brian Leyton wrote:
>I am relatively new to MIMEDefang, and I'm very happy with what I've been
>able to do so far. I'd like to take things to a higher level though, and
>one of the areas I'd like to work on is greylisting. I've seen a couple of
>emails in the archives, and I've tried using Jonas Eckerman's filter on my
>system.
>
>
>
[snip]
>If there's no (simple) way to do this, then is there another MIMEDefang
>greylisting implementation around that might work better on Fedora?
>
>
Although the graylisting that I use isn't a MIMEDefang implementation
you might find some of this useful.
I have a small amount of eMail clients using Fedora core 4. When I
'turned-up' graylisting in June 05, spam ( and virus ) dropped by 70%
immediately. Gone, None, Notta. Check out www.puremagic.com These
folks have written a sendmail milter that runs as a seperate process
before MIMEDefang can get a chance. I am not a programmer, but have
fiddled my way around Linux boxes for about 10 years, so I don't know
all of the internal workings of these systems. I do know that if you
install graylisting as stipulated in the instructions, you shouldn't
have any problems. Your mileage may vary.
The whitelist is important. We have problems with other folks mail
servers that are not RFC compliant. For instance, Montanasky.net ( mac
based ) and KVIS here in Libby do NOT operate proper servers. Instead,
they drop eMail if it tempfails, and do not try to resend as the RFC
calls for. Go figure. PayPal does not resend, as with a few others
that are legit but are too busy or don't care. Hotmail, Yahoo, Verizon
and Comcast all have specific SMTP servers that are used so you can add
them to the whitelist. AOL seems to change, but they do resend. If I
have a sending MTA that a certain customer complains about that they are
not getting eMail from, I open a /24 for it and watch it for awhile to
get a drift on what IP's the mail servers are coming from.
If you do implement this version, remember to do the DB_maint stuff as
the database gets big fast!
One of the things that I am looking at now is a statistical spam attack
that is decided by users, NOT ME. MIMEDefang is heuristics and stuff
needed to be decided by someone. Don't get me wrong, I don't know where
I would be without it and I have been a user for 3 to 4 years ( don't
remember exactly ) and I used to track stuff to show customers. When I
implemented graylisting, it all went away. I rarely see a "SPAM"
warning in the mail logs now.
After you do implement graylisting, be prepared for customer that call
complaining that they aren't getting any eMail. You have to grin when
you tell them that they are still getting eMail, just not all the spam!
Sure, the spammers will catchup and start resending, and I hope that I
can have the statistical processes in and operational by then. I don't
remember the site where I read about this stuff or I would post it
here. If anybody is interested, I will find it and post.
todh
>Brian Leyton
>IT Manager
>Commercial Petroleum Equipment
>_______________________________________________
>NOTE: If there is a disclaimer or other legal boilerplate in the above
>message, it is NULL AND VOID. You may ignore it.
>
>Visit http://www.mimedefang.org and http://www.roaringpenguin.com
>MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
>http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
>
>
More information about the MIMEDefang
mailing list