[Mimedefang] greylisting does it still work?
Jeff Rife
mimedefang at nabs.net
Wed Apr 18 09:17:47 EDT 2007
On 18 Apr 2007 at 13:38, Jonas Eckerman wrote:
> Jeff Rife wrote:
>
> [About tempfailing previously unseen hosts...]
>
> > I can't see how this will stop anything more than greylisting by
> > itself.
>
> It doesn't. What it does is stop connections from many zombies
> and virus infected machines in a much earlier stage than the
> normal greylist.
But only once. After that, if the zombie IP hits you again, it's in
your database and doesn't get stopped at _relay.
> Since my normal greylist tempfails after DATA, this makes a
> difference.
OK, I only tempfail from '<>' in filter_begin. Otherwise, I tempfail
in filter_recipient. I use the same "greylist_check" sub and call it
from both places, but it has the following at the top to make sure it only
runs at the right time:
    unless ($sender eq '<>' xor $InMessageContext)
> I would also have to actually receive the whole mail, which is
> expensive.
>
> This is done because some braindead mail servers don't (or
> didn't) understand tempfails as answers to RCPT.
My response to that is to ignore it, since so many large places (Yahoo,
Verizon, Comcast) will tempfail after RCPT for various
reasons...probably not greylisting, though. If you can't send mail to
any of those places, you'll fix the problem pretty quick.
> Also, filter_recipient will contact (through SMTP) the storing
> servers (one of which isn't on our LAN) to verify each recipient.
> While not as expensive as virus checks and SA, it isn't really
> cheap either.
Since you already have a database for greylisting, why not put the
valid recipients there, too? Use a cron job to update it on whatever
basis makes sense. My current setup is small, but at my old job I used
MD and did this for about 2000 e-mail users.
--
Jeff Rife | Sam: What d'ya say to a beer, Normie?
|
| Norm: Hi, sailor...new in town?
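
Added example (not part of the original post and not Jeff's filter): a standalone Perl simulation of the setup described above, with one greylist_check sub called from both filter_recipient and filter_begin behind the posted guard, and recipients checked against a local table instead of over SMTP. The callback signatures are simplified, and the %seen and %valid_rcpt hashes, the 300-second delay and the ip|sender|recipient key are assumptions standing in for the database.

```perl
# Added example, not code from the thread. Simplified stand-ins for the
# MIMEDefang callbacks; %seen and %valid_rcpt stand in for the database.
use strict;
use warnings;

our $InMessageContext = 0;   # MIMEDefang sets this once it is processing a message
my $DELAY = 300;             # assumed greylist delay, seconds
my %seen;                    # "ip|sender|rcpt" => time first seen (assumed key)
my %valid_rcpt = map { $_ => 1 } qw(alice@example.test bob@example.test);  # cron-refreshed

sub greylist_check {
    my ($ip, $sender, $rcpt, $now) = @_;
    # Guard from the post: the body runs for '<>' only in message context
    # (filter_begin) and for every other sender only at RCPT time.
    unless ($sender eq '<>' xor $InMessageContext) {
        my $first = $seen{"$ip|$sender|$rcpt"} //= $now;
        return ('TEMPFAIL', 'greylisted, retry later') if $now - $first < $DELAY;
    }
    return ('CONTINUE', 'ok');
}

sub filter_recipient {       # RCPT stage, before any message data is received
    my ($ip, $sender, $rcpt, $now) = @_;
    local $InMessageContext = 0;
    # Local lookup instead of an SMTP probe to the storing servers.
    return ('REJECT', 'user unknown') unless $valid_rcpt{lc $rcpt};
    return greylist_check($ip, $sender, $rcpt, $now);
}

sub filter_begin {           # after DATA, whole message received
    my ($ip, $sender, $rcpt, $now) = @_;
    local $InMessageContext = 1;
    return greylist_check($ip, $sender, $rcpt, $now);
}

# Constructed events: [stage, relay IP, envelope sender, recipient, time]
my %stage = (rcpt => \&filter_recipient, begin => \&filter_begin);
my @events = (
    [ rcpt  => '192.0.2.10',   'u@example.org', 'alice@example.test',  0   ],
    [ rcpt  => '192.0.2.10',   'u@example.org', 'alice@example.test',  400 ],
    [ rcpt  => '192.0.2.10',   'u@example.org', 'nobody@example.test', 400 ],
    [ rcpt  => '198.51.100.7', '<>',            'alice@example.test',  10  ],
    [ begin => '198.51.100.7', '<>',            'alice@example.test',  10  ],
    [ begin => '192.0.2.10',   'u@example.org', 'alice@example.test',  400 ],
);
for my $e (@events) {
    my ($name, @args) = @$e;
    my ($code, $msg) = $stage{$name}->(@args);
    printf "%-5s %-12s %-13s %-19s t=%-3d => %s (%s)\n", $name, @args, $code, $msg;
}
```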