Re: postgrey and policyd-weight

Fri, 18 Aug 2006 16:59:39 -0700 

On Sat, Aug 19, 2006 at 12:49:12AM +0200, Robert Felber wrote:
> On Fri, Aug 18, 2006 at 03:35:21PM -0600, Gary V wrote:
> > Robert,
> > 
> >   I thought I saw somewhere where you recommend the order in which
> >   greylisting and policyd-weight should be in (if it's even
> >   recommended).
> > 
> >     check_policy_service unix:private/policy
> >     check_policy_service inet:127.0.0.1:60000
> 
> Sorry, I am a bit puzzled, what is the question now?
> 
> However, personally I use policyd-weight before greylist to keep the
> greylist database small and to have some statistics on what policyd-weight
> is catching.
> 
> (Also greylisting does only take place for "dynamic" clients and some
> country tlds).

After a second thought, I now would recommend (selective) greylisting before
policyd-weight to reduce wallclock-time spent on not-yet-seen spam-dialups.

(personally I stick with 1:polw, 2:grey to see changes when I change try
something out with policyd-weight).


that's currently my imlementation:

smtpd_restriction_classes = greylist

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    check_policy_service inet:127.0.0.1:12525 # policyd-weight
    reject_non_fqdn_recipient,
    check_sender_access pcre:/usr/local/etc/postfix/greylist.pcre
    check_helo_access pcre:/usr/local/etc/postfix/greylist.pcre
    check_client_access pcre:/usr/local/etc/postfix/greylist.pcre


greylist = 
    check_policy_service inet:127.0.0.1:10023

greylist.pcre:
/post[fm]/ dunno                                                                
/sourceforge/ dunno                                                             
/(\.fr|\.id|\.jp|\.kr|\.it|\.dk|\.be|\.pt|\.ru|\.hu|\.es|\.info|\.pl)$/ greylist
/(dyn|ppp|dial|cable|dsl|volksbank|charter|rr.com)/ greylist                    
/\d+[-.]\d+[-.]\d+.*[A-Za-z]+/ greylist                                         
/t\-online/ dunno                                                               
/gmx/ dunno                                                                     
/leaseplan/ dunno                                                               
/siemens/ dunno                                                                 
/ford/ dunno                                                                    
/[EMAIL PROTECTED]/ dunno                                                       
        
/[bcdfghjklmnpqrtvwxyz]{4,}.*\@/ greylist                                       
/[aeiou]{4,}.*\@/ greylist                                                      
/\d[-.]\d[-.]\d/ greylist

 
(I used those regexes in a laz^Wfuzzy manner)


-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/

Reply via email to