[Mimedefang] Greylisting netmask
Jonas Eckerman
jonas_lists at frukt.org
Tue Feb 6 12:14:45 EST 2007
> One question:
> scenario a)
> A big hoster has multiple outbound servers; a message retried may be
> issued by any of them.
> scenario b)
> An ISP has multiple dynamic IP addresses.
> How do you differ both scenarios?
I don't.
I simply remove the last number of the dotted IP address before
using it in the greylist. The greylist triplets consist of this
stripped IP address, the recipient and a massacred/stripped
sender's address. New triplets are black for 3 minutes.
senders address. New triplets are black for 3 minutes.
A completely separate table contains the full IP addresses (but
no mail addresses) and is used to tempfail any never-seen-before
hosts the first 10 seconds, and to whitelist any host that has
successfully bypassed the greylist (no point in greylisting a host
that retries). Obviously this check is done before ever involving
the normal greylist. (This table already contained most hosts
sending mail to us before I started tempfailing new hosts for 10
seconds.)
Also done before involving the greylist are a bunch of checks
that exempt many legit systems/mails from the greylist.
So far the system has worked just fine, and results in most virus
and spam from zombies being stopped in filter_relay, while most
legit mail bypasses the greylist without delay, but if you tell
us about potential problems with it I would of course be thankful.
For more info just read the stuff at:
<http://whatever.frukt.org/mimedefangfilter.text.shtml>
Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
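
A small Python model of the two-stage check described in this message, added here as an example; it is not Jonas's MIMEDefang filter. The sender normalisation, the in-memory dictionaries and all names are assumptions, and the addresses in the demo are constructed.

```python
"""Model of the two-stage check described above (constructed example)."""
import ipaddress

HOST_DELAY = 10        # seconds a never-seen-before host is tempfailed
TRIPLET_DELAY = 180    # seconds a new triplet stays "black" (3 minutes)


def strip_ip(ip):
    """Drop the last number of a dotted IPv4 address: 192.0.2.57 -> 192.0.2"""
    ipaddress.IPv4Address(ip)          # raises ValueError on malformed input
    return ip.rsplit(".", 1)[0]


def strip_sender(addr):
    """Assumed normalisation: lowercase, drop a +extension in the local part."""
    local, _, domain = addr.lower().rpartition("@")
    return local.split("+", 1)[0] + "@" + domain


class Greylist:
    def __init__(self):
        self.hosts = {}      # full IP -> {"first_seen": t, "passed": bool}
        self.triplets = {}   # (stripped IP, recipient, stripped sender) -> first seen

    def check(self, ip, sender, rcpt, now):
        """Return 'ACCEPT' or 'TEMPFAIL' for one delivery attempt at time now."""
        # Stage 1: per-host table, keyed on the full IP, no mail addresses.
        host = self.hosts.setdefault(ip, {"first_seen": now, "passed": False})
        if host["passed"]:
            return "ACCEPT"                    # host has shown that it retries
        if now - host["first_seen"] < HOST_DELAY:
            return "TEMPFAIL"                  # brand-new host, triplet not touched
        # Stage 2: greylist triplet, keyed on the stripped IP.
        key = (strip_ip(ip), rcpt.lower(), strip_sender(sender))
        first = self.triplets.setdefault(key, now)
        if now - first < TRIPLET_DELAY:
            return "TEMPFAIL"                  # triplet is still black
        host["passed"] = True                  # whitelist this full IP from now on
        return "ACCEPT"


if __name__ == "__main__":
    g = Greylist()
    # Constructed attempts: one message retried from two hosts in 192.0.2.0/24.
    for ip, t in [("192.0.2.10", 0), ("192.0.2.10", 15),
                  ("192.0.2.77", 100), ("192.0.2.77", 200)]:
        print(t, ip, g.check(ip, "bob@example.org", "alice@example.net", t))
```

Because the triplet is keyed on the stripped address, the retry from 192.0.2.77 is accepted against the triplet first recorded for 192.0.2.10, which is why the two scenarios in the question are not told apart.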