* Stuart Henderson <s...@spacehopper.org> le [30-10-2018 23:39:23 +0000]: > On 2018-10-30, Chris Narkiewicz <he...@ezaquarii.com> wrote: > > Hi, > > > > I'm configuring spamd and I noticed that when I send an e-mail from > > GMail, each time the e-mail is submitted by a different IP address. > > > > Here is spamdb output after sending a test email to myself: > > > > GREY|209.85.219.182|mail-yb1-f182.google.com|... > > GREY|209.85.219.177|mail-yb1-f177.google.com|... > > GREY|209.85.219.176|mail-yb1-f176.google.com|... > > GREY|209.85.219.172|mail-yb1-f172.google.com|... > > GREY|209.85.219.180|mail-yb1-f180.google.com|... > > GREY|209.85.219.175|mail-yb1-f175.google.com|... > > GREY|209.85.219.173|mail-yb1-f173.google.com|... > > GREY|209.85.219.179|mail-yb1-f179.google.com|... > > GREY|209.85.208.46|mail-ed1-f46.google.com|... > > GREY|209.85.161.52|mail-yw1-f52.google.com|... > > ... snip ... > > > > Of course they are not whitelisted, as each submission > > attempt is done by a different node and I guess google has A LOT of > > them. I see 2 issues with that: > > > > 1) e-mail delivery takes a lot of time (as google uses exponential > > backoff and stops frequent retries after few failures) > > > > 2) whitelisted IPs are more likely being expired, as my server is > > not getting a lot of gmail traffic > > > > I suppose different big e-mail providers will > > have similar issues. > > > > I'm also running BGP server to download a whitelist, > > but it does not contain google servers. > > > > Are there any solutions get around this problem? Ideally I'd like > > to just whitelist reputable mail providers as I see little chance > > that any spammer will outsmart Google/Yahoo/Microsoft/etc.
To solve this problem, I use two methods : ## whitelist from bsdly.net (thaniks again peter : ) In /etc/pf.conf table <nospamd> persist file "/etc/mail/nospamd" pass in on egress proto tcp from <nospamd> to any port smtp /in /etc/weekly.local : echo "update nospamd file" ftp -o /etc/mail/nospamd http://www.bsdly.net/~peter/nospamd ## whitelist from spf walk : In /etc/mail/spamd.conf : all:\ :nixspam:bgp-spamd:bsdlyblack:whitelist: ... whitelist:\ :white:\ :method=file:\ :file=/etc/mail/whitelist.txt In /etc/weekly.local : /usr/local/bin/domain-white-spamd In /usr/local/bin/domain-white-spamd, adjust with domins you need : TMP=$(mktemp) WHITELIST=/etc/mail/whitelist.txt DOMAINS='outlook.com gmail.com google.com hotmail.com yahoo.com yahoo.fr live.fr mail-out.ovh.net mxb.ovh.net gandi.net laposte.net github.com protonmail.com ' for d in $DOMAINS; do echo "$d" | smtpctl spf walk >> "$TMP" done mv "$TMP" "$WHITELIST" exit 0 -- thuban