On 10/19/06, Steve Williams <[EMAIL PROTECTED]> wrote:
Hi,

I have been running spamdb greylisting only for several years as my only
line of defense at home.  At work I have managed to sneak in a Sparc64
Sunfire 120 (OpenBSD 3.9) as a caching web proxy & default gateway.

Today, we had a fairly aggressive attack on our email system, 6000+
emails in a relatively short period of time.  I took the opportunity to
deploy greylisting on the OpenBSD box (which is our first line of
defense... first of many).

It's performed well, and is up to about 300 email servers whitelisted.
I know from personal experience that Bell in Ontario (at the minimum)
and a few other ISPs have server pools that do not cooperate nicely
with greylisting.  They do not guarantee the same server will retry
sending the email when it's blocked by spamdb (451 temporary failure).

On my computer at home, I notice these entries when I do a spamdb | more
and see something like:

GREY|205.152.59.48|<[EMAIL PROTECTED]>|<[EMAIL PROTECTED]>|1161299154|1161313554|1161313554|1|0
GREY|205.152.59.51|<[EMAIL PROTECTED]>|<[EMAIL PROTECTED]>|1161296098|1161310498|1161310498|1|0
GREY|205.152.59.65|<[EMAIL PROTECTED]>|<[EMAIL PROTECTED]>|1161300604|1161315004|1161315004|1|0
GREY|205.152.59.66|<[EMAIL PROTECTED]>|<[EMAIL PROTECTED]>|1161302039|1161316439|1161316439|1|0
GREY|205.152.59.67|<[EMAIL PROTECTED]>|<[EMAIL PROTECTED]>|1161294517|1161308917|1161308917|1|0
GREY|205.152.59.68|<[EMAIL PROTECTED]>|<[EMAIL PROTECTED]>|1161292315|1161306715|1161306715|1|0
GREY|205.152.59.72|<[EMAIL PROTECTED]>|<[EMAIL PROTECTED]>|1161297659|1161312059|1161312059|1|0

On my personal email server, it happens VERY seldom.  On our work
server, it only took a couple of hours for this to show up.  It looks
like Yahoo might be the same way.

I am 99% sure that I have seen on the internet SOMEWHERE a "whitelist"
of servers that are like this.  I thought Bob Beck had forwarded one at
one point in time, but I can only find his post regarding the tarfile he
maintains for the "zombie" hosts.

Bob, if you are listening, what do you do at the U of A to handle these
mis-behaving server pools?  Anyone else??

Thanks,
Steve Williams



As seen on undeadly:
http://home.xnet.com/~ansible/openbsd_spamd_conf.html
contains a tutorial on setting up spamd on OpenBSD. It is helpful as
it shows an example script that creates a whitelist by looking at SPF
DNS records in a list of domains.

Also, as someone else mentioned, greylisting.org has an excellent
whitelist in a CVS repository here:

http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt

Kevin
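
Added example, not part of either post above: a Python sketch that reads `spamdb` output and reports networks where the same sender/recipient pair was tried from several different addresses, which is the server-pool retry pattern described in the original message. It assumes the nine-field GREY layout shown in the thread; the /24 grouping, the three-host threshold, the function names and the sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the nine-field layout of the GREY lines above
# (GREY|ip|from|to|first|pass|expire|blocked|passed); addresses are made up.
SAMPLE = """\
GREY|192.0.2.48|<news@sender.example>|<bob@rcpt.example>|1161299154|1161313554|1161313554|1|0
GREY|192.0.2.51|<news@sender.example>|<bob@rcpt.example>|1161296098|1161310498|1161310498|1|0
GREY|192.0.2.65|<news@sender.example>|<bob@rcpt.example>|1161300604|1161315004|1161315004|1|0
GREY|198.51.100.7|<x@spam.example>|<bob@rcpt.example>|1161300000|1161314400|1161314400|1|0
GREY|198.51.100.9|<y@spam.example>|<amy@rcpt.example>|1161300100|1161314500|1161314500|1|0
WHITE|203.0.113.5|||1161200000|1161203600|1164314400|2|5
"""

def parse_grey(text):
    """Yield (ip, sender, recipient) for each well-formed GREY entry."""
    for line in text.splitlines():
        fields = line.strip().split("|")
        if len(fields) != 9 or fields[0] != "GREY":
            continue
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # skip damaged or wrapped lines
        yield ip, fields[2].lower(), fields[3].lower()

def pool_candidates(text, min_hosts=3, prefix=24):
    """Return {network: [hosts]} for networks that look like sender pools.

    A candidate is a network where one (sender, recipient) pair was tried
    from at least min_hosts different addresses: the retry pattern of a
    server farm rather than of a single host retrying.
    """
    seen = defaultdict(set)
    for ip, sender, rcpt in parse_grey(text):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        seen[(net, sender, rcpt)].add(ip)
    result = defaultdict(set)
    for (net, _, _), hosts in seen.items():
        if len(hosts) >= min_hosts:
            result[net] |= hosts
    return {str(n): [str(a) for a in sorted(h)] for n, h in result.items()}

if __name__ == "__main__":
    # To use live data, replace SAMPLE with the captured output of spamdb.
    for net, hosts in pool_candidates(SAMPLE).items():
        print(net, "<-", ", ".join(hosts))
```

The networks it prints are candidates to review by hand (reverse DNS, the sending domain's published ranges) before any of them goes into a whitelist, since a spam source spread across one subnet produces the same pattern.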
