[Mimedefang] greylisting does it still work?
Jeff Rife
mimedefang at nabs.net
Tue Apr 17 14:03:11 EDT 2007
On 17 Apr 2007 at 15:58, Jonas Eckerman wrote:
> Wayne wrote:
> > So did you set up a modified greylist for your filter_relay that rejects
> > all the hosts that you have never seen? Then you add that hostname to a
> > database table and then the next time they connect after 10 seconds you
> > let them in.
>
> Yes, that description fits quite well.
I can't see how this will stop anything more than greylisting by
itself.
If a host retries this just means they would have to try 3 times. If a
host doesn't retry, then greylisting by itself would weed them out,
although you would have to run filter_helo, _sender, and _recipient,
but those aren't generally expensive.
From my database, it looks like filter_helo catches a lot of them
anyway. Of 4736 IPs with a single connection to my MX servers, 2558
were rejected in filter_helo, and 95 were from server farms where they
were within the same /24 as a greylisted entry. That's more than half
that are either legitimate or were rejected early anyway.
I also like the fact that _helo, _sender, and _recipient allow you to
delay the response back to the client, which _relay does not permit. I
delay rejections by 20 seconds (but I tempfail immediately).
--
Jeff Rife |
|
http://www.nabs.net/Cartoons/OverTheHedge/VelveetaAndRotel.gif
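
The attempt counts discussed in the message above, as an added example that is not part of the original post or of MIMEDefang: a small model of a first-seen gate in filter_relay, triplet greylisting, and both combined. The 10-second relay window comes from the quoted description; the 300-second greylist delay, the 600-second retry interval, and the addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

RELAY_DELAY = 10       # seconds, from the quoted description
GREYLIST_DELAY = 300   # assumption: the post gives no greylist delay


@dataclass
class Server:
    relay_gate: bool   # reject never-seen hosts at connect time (filter_relay)
    greylist: bool     # tempfail never-seen (ip, sender, rcpt) triplets
    hosts: dict = field(default_factory=dict)      # ip -> first-seen time
    triplets: dict = field(default_factory=dict)   # triplet -> first-seen time

    def attempt(self, now, ip, sender, rcpt):
        """Return True if a delivery attempt at time `now` is accepted."""
        if self.relay_gate:
            first = self.hosts.setdefault(ip, now)
            if now - first < RELAY_DELAY:
                return False   # refused before the triplet is ever seen
        if self.greylist:
            first = self.triplets.setdefault((ip, sender, rcpt), now)
            if now - first < GREYLIST_DELAY:
                return False
        return True


def attempts_needed(server, max_tries, retry_interval=600):
    """Attempts until acceptance, or None if the client gives up first."""
    for n in range(max_tries):
        # Constructed sample client and addresses (documentation ranges).
        if server.attempt(n * retry_interval, "192.0.2.10",
                          "a@example.org", "b@example.net"):
            return n + 1
    return None


def compare():
    """Attempt counts per scheme for a retrying and a non-retrying client."""
    schemes = [("greylist", False, True),
               ("relay_gate", True, False),
               ("both", True, True)]
    return {
        name: {
            "retrying": attempts_needed(Server(gate, grey), max_tries=5),
            "no_retry": attempts_needed(Server(gate, grey), max_tries=1),
        }
        for name, gate, grey in schemes
    }


if __name__ == "__main__":
    for scheme, result in compare().items():
        print(scheme, result)
```
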