Sarah Caswell <s.casw...@protocol6.com> writes: > The main problem occurs with senders like Gmail, yahoo, hotmail, > etc. ...i.e. all the senders that have large farms of smtp servers > from which they can retry delivery after initial greylisting delay. > > I know this means I'm not doing proper whitelisting of those major > sender domains, but I'm at a loss on how to best construct and > maintain such a whitelist. > > Are there any up-to-date lists that already track the MTAs of these large > mail providers?
I think you would need to construct it by hand. I very occasionally update my /etc/mail/nospamd, and then mostly by looking for relevant domains' published spf records. for example for gmail, [Thu Mar 28 18:49:27] peter@deeperthought:~$ host -ttxt gmail.com gmail.com descriptive text "v=spf1 redirect=_spf.google.com" [Thu Mar 28 18:49:37] peter@deeperthought:~$ host -ttxt _spf.google.com _spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ?all" [Thu Mar 28 18:52:02] peter@deeperthought:~$ for foo in _netblocks.google.com _netblocks2.google.com _netblocks3.google.com ; do host -ttxt $foo ; done _netblocks.google.com descriptive text "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all" _netblocks2.google.com descriptive text "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ?all" _netblocks3.google.com descriptive text "v=spf1 ?all" and so forth. Not all domains publish SPF, and you may need to work around a certain bitrot factor. And spend some time poring over your spamd log to weed out the non-obvius ones. Then again, I just decided to share mine, which is the product of just the process I've described. It's up at http://www.bsdly.net/~peter/nospamd free to use, corrections welcome (will be rewarded with a personal thank you message ;)). - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
