Sloan wrote: > John Beaver wrote: >> Leonardo Rodrigues Magalhães wrote: >> >>> Hello Guys, >>> >>> My policyd is being called on smtpd_recipient_restrictions for >>> greylist and some other features. My smtpd_recipient_restrictions is >>> configured like this: >>> >>> smtpd_recipient_restrictions = >>> reject_unknown_recipient_domain, >>> permit_sasl_authenticated, >>> permit_mynetworks, >>> reject_unauth_destination, >>> reject_unlisted_recipient, >>> check_policy_service inet:127.0.0.1:10031 >>> >>> I can watch several IP trying to harvest my server, trying to send >>> email to several unknown users. But, i suppose, they are not being >>> greylisted/blacklisted because reject_unauth and reject_unlisted are >>> listed BEFORE the check_policy_service, which actually calls policyd. >>> >>> Question is ..... having check_policy_service right after >>> permit_mynetworks would allow connections trying to send email to >>> unknown users to be greylisted ? I was thinking on having this: >>> >>> smtpd_recipient_restrictions = >>> reject_unknown_recipient_domain, >>> permit_sasl_authenticated, >>> permit_mynetworks, >>> check_policy_service inet:127.0.0.1:10031, >>> reject_unauth_destination, >>> reject_unlisted_recipient >>> >>> Would that be OK ? >>> >> Will it work, yes. But what are you expecting to accomplish with this >> change? >> > As he mentioned above, what he expects to accomplish, is to greylist the > connections which are trying to harvest addresses by running the > dictionary attacks.
That what I thought but wanted to confirm. In my experience, using a combination of a low smtpd_hard_error_limit and anvil was a more effective, lower bandwidth solution. I used greylisting in this fashion for several months but did not find it as useful. YMMV john ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
