To All,

I too have been thinking a lot about greylisting, and before spending the time on the MIMEDefang front (as I think it's much better to have it hooked in there, unless someone can say otherwise ;-) I thought I'd try it as a milter add-on: http://hcpnet.free.fr/milter-greylist/

I made it run as the defang user, and placed all the pid, dump and sock files in the MIMEDefang spool directory (as I know defang has all the right permissions). Added the following to my sendmail mc file:

    INPUT_MAIL_FILTER(`greylist', \
      `S=local:/var/spool/MIMEDefang/milter-greylist.sock')
    define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')

and used the greylist.conf file to whitelist by default, only add a header if delayed, and specifically process one of the recipients that get 1000's of spam (on an old domain).

I'm a little worried on the effect of the confMILTER_MACROS_CONNECT macro, but it hasn't hurt MIMEDefang (that I can notice), so I need to do some background reading on it. David, would this break some of the MIMEDefang milter code by not passing the default (not figured out what that is, I should look in the cvs diff output.. just not had the time).

Settings of the greylisting, in the way of timing, is still hit and miss for me. I might look at the effect of David's 40d whitelist time. The only issue I have is how to monitor it. Actually, the user I had set it up for said that in 1 day the results were noticeable, by the lack of spam emails. But that doesn't help my calculations. I actually only block for 10 minutes, but if an email server connects, it might get blacklisted 3 to 5 times in those 10 minutes then get whitelisted. That doesn't mean that for 5 blocks, I get one good email. Maybe I just need to grab IP's, and see how many never retry..?

I'm curious to try out the milter netguy mentioned, and see how that runs.

One other major problem I've run into, is ISP's providing additional MX records in the DNS. So the spam systems that follow the "If the first attempt to send email fails, try the next MX" happens, then the ISP sends it on, which will make it past the blacklist, and if the ISP is whitelisted by IP alone, means the spam gets in.

-Paul

On Thu, Dec 15, 2005 at 08:45:22AM -0700, netguy wrote:
[snip...]
> I have a small amount of eMail clients using Fedora core 4. When I
> 'turned-up' graylisting in June 05, spam ( and virus ) dropped by 70%
> immediately. Gone, None, Notta. Check out www.puremagic.com. These
> folks have written a sendmail milter that runs as a separate process
> before MIMEDefang can get a chance. I am not a programmer, but have
> fiddled my way around Linux boxes for about 10 years, so I don't know
> all of the internal workings of these systems. I do know that if you
> install graylisting as stipulated in the instructions, you shouldn't
> have any problems. Your mileage may vary.
>

--
Paul Whittney                               ArriveTech, Inc.
Network Specialist / Systems Engineer    / |670 West 36th Street,
                                      /--|Erie, PA, 16508, USA
PWhittney [at] arrivetech.com (Main)     / |www.arrivetech.com
PWhittney [at] net.arrivetech.com (Aux)  / |Tel: 814 868 3306

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
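
One way to get the figure asked about in the message above ("see how many never retry"), shown as an added example that is not part of the original post and is not milter-greylist code: count per (IP, sender, recipient) triplet instead of per rejection, so several tempfails for one retrying server are not mistaken for several blocked spams. The tuple layout, function name and sample attempts are constructed; only the 10 minute delay comes from the post.

```python
from collections import namedtuple

DELAY = 10 * 60  # seconds a new triplet is deferred (the 10 minutes in the post)

# Constructed sample: (unix_time, client_ip, envelope_from, envelope_to).
# This is NOT milter-greylist's log format; pull these fields from your own logs.
ATTEMPTS = [
    (0,   "192.0.2.10",   "a@example.org", "old@example.com"),  # real MTA
    (120, "192.0.2.10",   "a@example.org", "old@example.com"),  # retry, too early
    (300, "192.0.2.10",   "a@example.org", "old@example.com"),  # retry, too early
    (660, "192.0.2.10",   "a@example.org", "old@example.com"),  # retry after delay
    (30,  "198.51.100.7", "x@example.net", "old@example.com"),  # single attempt
    (45,  "198.51.100.8", "y@example.net", "old@example.com"),  # retries once,
    (200, "198.51.100.8", "y@example.net", "old@example.com"),  # then gives up
    (50,  "203.0.113.5",  "z@example.net", "old@example.com"),  # single attempt
]

Stats = namedtuple("Stats", "tempfails triplets passed never_retried gave_up_early")

def greylist_stats(attempts, delay=DELAY):
    """Replay attempts through a plain triplet greylist and summarise per triplet."""
    first_seen, tries, passed = {}, {}, set()
    tempfails = 0
    for ts, ip, mail_from, rcpt in sorted(attempts):
        key = (ip, mail_from.lower(), rcpt.lower())
        first_seen.setdefault(key, ts)
        tries[key] = tries.get(key, 0) + 1
        if key in passed:
            continue                      # already whitelisted, mail accepted
        if ts - first_seen[key] >= delay:
            passed.add(key)               # came back after the delay
        else:
            tempfails += 1                # deferred with a temporary failure
    never = sum(1 for k, n in tries.items() if n == 1 and k not in passed)
    early = sum(1 for k, n in tries.items() if n > 1 and k not in passed)
    return Stats(tempfails, len(tries), len(passed), never, early)

if __name__ == "__main__":
    s = greylist_stats(ATTEMPTS)
    print(s)
    blocked = s.never_retried + s.gave_up_early
    print(f"{s.tempfails} tempfails, but only {blocked} of {s.triplets} triplets blocked")
```

In the sample, seven tempfails correspond to three blocked triplets and one delivered message. Mail relayed through a secondary MX that is whitelisted by IP never shows up as a triplet here, so it has to be measured separately.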