[Mimedefang] Greylisting netmask

Jonas Eckerman jonas_lists at frukt.org
Wed Feb 7 09:30:27 EST 2007 

Jeff Rife wrote:

> So, if I understand correctly, a new host will be delayed for two retry 
> intervals...once when it is tempfailed for being a new host, then again 
> by the greylist when it retries the first time.

Some new hosts, yes. Many hosts are excempted from both those 
checks, and many mails are excempted from the greylist (more on 
the below).

Also, most of the hosts sending mail to us was allready in the 
table that lets them bypass those two checks before I enabled the 
first tempfail.

 > Although I don't mind the delay of greylisting, for some
 > servers this would put you into the "slow" queue and make
 > that third try occur 4-8 hours after the first.  That
 > long of a delay might be an issue, even at my site where
 > it's more casual than most places.

It was over a year since the last time a user complained about a 
delay here.

Generally, most mails aren't delayed at all, and people do accept 
the occasional delay as a price for the excellent perfomance of 
our spam filter.

Of course, different sites have different mail flows and what 
works fine for us might work terribly bad for others.

Please go to 
<http://whatever.frukt.org/mimedefangfilter.text.shtml> if you 
want to know exactly how it works.

Here's a clip of settings for the greylisting, wich might give 
some hints as to the excemptions from the new-host-delay and the 
greylist:

---8<---
# If GDB_HostWhite is set, hosts will be whitelisted for that time
# after a mail from them has been accepted. This will be reset 
when a mail get
# a spam score greater than GDB_HostReset.
# If GDB_HostBlack is set, a host will be blacklisted for that 
time after
# it's very first connection attempt.
#
# If GDB_Subnet is true, only the first 3 octes of the 
IP-addresses will be
# used in the greylist.
# If GDB_FromDomain is true, only the domain part of the mail 
from: address
# will be used in the greylist.
# If GDB_ToDomain is true, only the domain part of the rcpt to: 
address
# will be used in the greylist.
# If GDB_FromStrip is true, some stuff in the user part of the 
mail from:
# address will be replaced in order to handle mailinglists and 
some other
# stuff better.
# If GDB_ToStrip is true, some stuff in the user part of the rcpt to:
# address will be replaced in order to handle use parameters and 
some other
# stuff better.
#
# A list of tests that hosts much match for the greylist to be 
used is
# specified as semi-colon separated fields in Greylist.
# If a test is prefixed with "!" or "not " it will count as a 
match when
# it doesn't match.
# If it is prefixed with "?" or "except " (before eventual "!" or 
"not ")
# a match means that the greylist will not be used.
# The following tests are available:
# Dynamic : Matches on dynamic-looking reverse lookup hostnames.
# Server : Matches on  reverse lookup hostnames looking like 
server names.
# DNSBL[:domain,domain,...] : Checks the IP addresses in the 
listed DNS
# blacklists. If not blacklists are listed, default lists is used.
# Country<:country_or_code,country_or_code,...> : Matches the top 
level part
# of the domain and the country or country coce of origin for the 
IP address.
# OperatingSystem<:strings> : Matches against the OS reported by 
IP2OS.
# Host<:domain,domain,...> : Matches against the reverse lookup 
hostname.
# RelayDB : Matches if IP address has one or more spam in the 
relaydb.
# NoSpamDB : Matches if relay or sender has remembered spam in 
the nospamdb.
# SentOutDB : Maches if mail looks like a reply to a mail in the 
sent out db.
# All : Allways matches.
#
# GDB_Keep, GDB_KeepHost and GDB_KeepMsg tells the cleaner how 
long to keep
# in the database records.
#***********************************************************************
Greylist	 
!rdns;?os:novell;?dnsbl:list.dnswl.org;d;?s;?sodb;!c:se,org;rdb;nsdb
Greylist		dnsbl:combined.njabl.org,dnsbl.sorbs.net
Greylist	 
dnsbl:dnsbl-3.uceprotect.net,dnsbl-2.uceprotect.net,dnsbl-1.uceprotect.net
GDB_Black		3*60
GDB_Grey		72*60*60
GDB_White		36*24*60*60
GDB_HostWhite		7*24*60*60
GDB_HostBlack		10
GDB_Reset		20
GDB_HostReset		5
GDB_Subnet		1
GDB_FromDomain		0
GDB_FromStrip		1
GDB_ToDomain		0
GDB_ToStrip		1
GDB_Keep		60*24*60*60
GDB_KeepHost		60*24*60*60
GDB_KeepMsg		60*24*60*60
---8<---

Regards
/Jonas
-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/

More information about the MIMEDefang mailing list