On Sat, 28 Mar 2009 00:50:21 -0500, Matthew Weigel wrote:

>Rod Whitworth wrote:
>
>>>> Anybody run into this kind of logic before?
>>> Yes, that's part of how greytrapping works:
>>> http://www.openbsd.org/cgi-bin/man.cgi?query=spamd#GREYTRAPPING
>>
>> No. That is NOT how greytrapping works. RTFM more carefully.
>>
>> spamd NEVER issues a 2xx code, because it NEVER accepts any mail.
>
>I did RTFM carefully. I don't see anything in the spamd manpage that
>indicates one way or another what response is sent in the specific case of
>greytrapping.

* see below at ***

> So I assumed it did, because that's the way I've seen other
>greytrapping systems whose code I've read worked. Perhaps you can point out
>my mistake.
>
>But your comment got me curious, so I poked at the source, and it looks like
>it never lets the sender get far enough in the DATA to be done before issuing
>a 450/550 (per -4/-5); it only issues 2xx codes (and it's not "NEVER") to
>string the connection along.

Well I thought you would have realised that you need to send 2xx in response to HELO/EHLO, MAIL FROM: and RCPT TO: commands to gather the data. They are not the codes logged by the OP, and that is what I meant when I spoke about not issuing a 250.

I did say "spamd NEVER issues a 2xx code, because it NEVER accepts any mail." meaning that the OP would not have a 250 in his logs if he was greytrapped.

A 5xx code will abort the process whenever it is issued and greytrapping needs to string the client MTA along until (usually) the sender aborts the transaction or has terminated the DATA phase (a dot on an otherwise empty line) when a 450 will be sent.

Note that greytrapping is only really effective using 450 (to waste more of the spammer's time) and the manpage says:

*** "GREYTRAPPING
When running spamd in default mode, it may be useful to define spamtrap destination addresses to catch spammers as they send mail from greylisted hosts. ........."

Notice the "default mode" up there? -4 is the default, as the manpage says:

" -4 For blacklisted entries, return error code 450 to the spammer (default)."

Those are the bits you missed. Speed reading has its downside.

>
>>> I've seen other implementations do greytrapping for *every* invalid
>>> address that comes through, too.
>>
>> And that's a great way to blacklist a genuine sender who misheard an
>> email address and so misspelled it. S/he will never get a 5xx that
>> flags the problem.
>
>John Brooks asked if anyone had run into this before. Yes, I have. Hell, I'm
>pretty sure this approach has been presented at LISA before.

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
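
The distinction argued over in this message, as an added example that is not part of the original post and is not spamd code: a small Python classifier that reads an SMTP dialogue and separates the 2xx replies given to HELO/EHLO, MAIL FROM: and RCPT TO: from the one reply that decides delivery, the reply to the dot that ends DATA. The `C: `/`S: ` transcript format, the hostnames and the reply texts are constructed assumptions.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -]|$)")
ENVELOPE = {"HELO", "EHLO", "MAIL", "RCPT"}

def outcome(code):
    """Map a final SMTP reply code to a delivery verdict."""
    return {2: "accepted", 4: "tempfail", 5: "rejected"}.get(code // 100, "unknown")

def classify_session(transcript):
    """Return (verdict, envelope_2xx) for one 'C: '/'S: ' SMTP dialogue."""
    phase, in_data = "greeting", False
    verdict, envelope_2xx = "incomplete", 0
    for line in transcript:
        side, _, text = line.partition(": ")
        if side == "C":
            if in_data:
                if text == ".":             # lone dot terminates the DATA phase
                    in_data, phase = False, "end-of-data"
                continue                    # message content is never a command
            verb = text.split(" ", 1)[0].upper()
            phase = ("envelope" if verb in ENVELOPE
                     else "data-cmd" if verb == "DATA" else "other")
        elif side == "S":
            m = REPLY.match(text)
            if not m or m.group(2) == "-":  # skip continuation lines of a multiline reply
                continue
            code = int(m.group(1))
            if phase == "envelope" and code // 100 == 2:
                envelope_2xx += 1           # stringing the client along, not acceptance
            elif phase == "data-cmd":
                if code == 354:
                    in_data = True
                else:
                    verdict = outcome(code) # refused before any content was sent
            elif phase == "end-of-data":
                verdict = outcome(code)     # the only reply that decides delivery
    return verdict, envelope_2xx

# Constructed sample dialogue (not captured from a real server).
SAMPLE_PREFIX = [
    "S: 220 mx.example.net ESMTP", "C: HELO sender.example.org", "S: 250 Hello",
    "C: MAIL FROM:<a@sender.example.org>", "S: 250 OK",
    "C: RCPT TO:<trap@example.net>", "S: 250 OK",
    "C: DATA", "S: 354 Go ahead", "C: Subject: hi", "C: ", "C: body", "C: .",
]

def sample(final_reply):
    """Constructed session ending with the given server reply to end-of-DATA."""
    return SAMPLE_PREFIX + [final_reply]
```

Both `sample("S: 450 Temporary failure")` and `sample("S: 250 OK queued")` show three envelope 2xx replies; only the second is classified as accepted, which is why a 250 after DATA in the sender's log rules out greytrapping as described above.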