Re: [spamdyke-users] Graylite and whitelist problems
Davide D'AMICO wrote:
> 2008/9/7 Eric Shubert <[EMAIL PROTECTED]>:
>> Davide D'AMICO wrote:
>>> 2008/9/7 Eric Shubert <[EMAIL PROTECTED]>:
>>>> I think I can field this one. ;)
>>>>
>>>> Davide D'AMICO wrote:
>>>>> 1) Isn't more useful to graylist senders using their ip address rather
>>>>> than only its
>>>>> email address, like this:
>>>>> /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ?
>>>>
>>>> Some large (think yahoo, gmail) mailers use server pools. Retries might be
>>>> sent from a different server, causing a message to be graylisted many times.
>>>>
>>>> Personally, I think it'd be ok to use IPs for a type of whitelist after the
>>>> IP has passed graylisting. After all, once an IP has passed for one
>>>> domain/sender, wouldn't it pass for all other domain/senders too? However,
>>>> this adds another level of complexity (a pre- and a passed- gray list,
>>>> sometimes referred to as a dual key). If this proved to be a good method, a
>>>> global whitelist service based on the post-key (simply IP address), sort of
>>>> like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued
>>>> such a thing or not. Seems feasible to me though.
>>> You are right, but server pools are well known (gmail, yahoo, msn and
>>> others)
>>> and could be easily discovered and included in a whitelist.
>> Yes, but they change, so you'd need some sort of maintenance procedure to
>> keep them up to date. It's a slow moving target, but far from being fixed.
>> Adding a manual maintenance burden is bad. If it were automated though,
>> that'd be ok.
>>
> Graylist uses a timeout (min/max) to reset/delete graylist files, so
> there is no need to use manual maintenance.
>
> Davide

I was talking about adding them.

--
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Graylite and whitelist problems
Building an IP whitelist based on the graylist filter would be problematic. As you noted, server pools wouldn't be handled correctly. Proxies and NAT firewalls would also be an issue -- imagine one server behind a proxy passes the graylist, so the proxy is added to the whitelist. Then another server behind the proxy starts sending spam. The whitelist would let it all through. Also, an automatic whitelist like this would be easy to defeat if a spammer just sent a message to a known-good address before starting a spam run.

Regarding the second question about the IP whitelist allowing all mail from the whitelisted server, Davide is correct. Once an IP has been whitelisted, spamdyke will allow it to send anything -- it bypasses all filters and authentication is not required. That's why whitelisting IP addresses should only be done sparingly, when the remote server can be trusted.

Caveat: In version 4.0, the "smtp-auth-level" and "filter-level" options are not affected by whitelists.

--
Sam Clippinger

Eric Shubert wrote:
> I think I can field this one. ;)
>
> Davide D'AMICO wrote:
>
>> Hi,
>> I'm using spamdyke and I like it a lot.
>> I encountered two problems:
>> 1) Isn't more useful to graylist senders using their ip address rather
>> than only its
>> email address, like this:
>> /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ?
>>
>
> Some large (think yahoo, gmail) mailers use server pools. Retries might be
> sent from a different server, causing a message to be graylisted many times.
>
> Personally, I think it'd be ok to use IPs for a type of whitelist after the
> IP has passed graylisting. After all, once an IP has passed for one
> domain/sender, wouldn't it pass for all other domain/senders too? However,
> this adds another level of complexity (a pre- and a passed- gray list,
> sometimes referred to as a dual key). If this proved to be a good method, a
> global whitelist service based on the post-key (simply IP address), sort of
> like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued
> such a thing or not. Seems feasible to me though.
>
>
>> 2) if I include an ip address in a whitelist, I become a relay for
>> that ip address because
>> that ip address bypass ALL other filters?
>>
>
> No, because authentication is still required for non-local domains. Spamdyke
> filters are only bypassed if/when the sender authenticates.
>
>
>> Thanks in advance,
>> Davide
>>

Re: [spamdyke-users] Graylite and whitelist problems
2008/9/7 Eric Shubert <[EMAIL PROTECTED]>:
> Davide D'AMICO wrote:
>> 2008/9/7 Eric Shubert <[EMAIL PROTECTED]>:
>>> I think I can field this one. ;)
>>>
>>> Davide D'AMICO wrote:
>>>> 1) Isn't more useful to graylist senders using their ip address rather
>>>> than only its email address, like this:
>>>> /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ?
>>> Some large (think yahoo, gmail) mailers use server pools. Retries might be
>>> sent from a different server, causing a message to be graylisted many times.
>>>
>>> Personally, I think it'd be ok to use IPs for a type of whitelist after the
>>> IP has passed graylisting. After all, once an IP has passed for one
>>> domain/sender, wouldn't it pass for all other domain/senders too? However,
>>> this adds another level of complexity (a pre- and a passed- gray list,
>>> sometimes referred to as a dual key). If this proved to be a good method, a
>>> global whitelist service based on the post-key (simply IP address), sort of
>>> like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued
>>> such a thing or not. Seems feasible to me though.
>> You are right, but server pools are well known (gmail, yahoo, msn and others)
>> and could be easily discovered and included in a whitelist.
>
> Yes, but they change, so you'd need some sort of maintenance procedure to
> keep them up to date. It's a slow moving target, but far from being fixed.
> Adding a manual maintenance burden is bad. If it were automated though,
> that'd be ok.
>

Graylist uses a timeout (min/max) to reset/delete graylist files, so there is no need to use manual maintenance.

Davide

Re: [spamdyke-users] Graylite and whitelist problems
Davide D'AMICO wrote:
> 2008/9/7 Eric Shubert <[EMAIL PROTECTED]>:
>> I think I can field this one. ;)
>>
>> Davide D'AMICO wrote:
>>> 1) Isn't more useful to graylist senders using their ip address rather
>>> than only its
>>> email address, like this:
>>> /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ?
>> Some large (think yahoo, gmail) mailers use server pools. Retries might be
>> sent from a different server, causing a message to be graylisted many times.
>>
>> Personally, I think it'd be ok to use IPs for a type of whitelist after the
>> IP has passed graylisting. After all, once an IP has passed for one
>> domain/sender, wouldn't it pass for all other domain/senders too? However,
>> this adds another level of complexity (a pre- and a passed- gray list,
>> sometimes referred to as a dual key). If this proved to be a good method, a
>> global whitelist service based on the post-key (simply IP address), sort of
>> like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued
>> such a thing or not. Seems feasible to me though.
> You are right, but server pools are well known (gmail, yahoo, msn and others)
> and could be easily discovered and included in a whitelist.

Yes, but they change, so you'd need some sort of maintenance procedure to keep them up to date. It's a slow moving target, but far from being fixed. Adding a manual maintenance burden is bad. If it were automated though, that'd be ok.

> A spammer tends to use only an IP address or few ip addresses, so
> using a graylist
> method with single ip addresses could improve security.

How would it "improve security"? Needs explanation.

--
-Eric 'shubes'

Re: [spamdyke-users] Graylite and whitelist problems
2008/9/7 Eric Shubert <[EMAIL PROTECTED]>:
> I think I can field this one. ;)
>
> Davide D'AMICO wrote:
>> Hi,
>> I'm using spamdyke and I like it a lot.
>> I encountered two problems:
>> 1) Isn't more useful to graylist senders using their ip address rather
>> than only its
>> email address, like this:
>> /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ?
>
> Some large (think yahoo, gmail) mailers use server pools. Retries might be
> sent from a different server, causing a message to be graylisted many times.
>
> Personally, I think it'd be ok to use IPs for a type of whitelist after the
> IP has passed graylisting. After all, once an IP has passed for one
> domain/sender, wouldn't it pass for all other domain/senders too? However,
> this adds another level of complexity (a pre- and a passed- gray list,
> sometimes referred to as a dual key). If this proved to be a good method, a
> global whitelist service based on the post-key (simply IP address), sort of
> like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued
> such a thing or not. Seems feasible to me though.

You are right, but server pools are well known (gmail, yahoo, msn and others) and could be easily discovered and included in a whitelist.
A spammer tends to use only an IP address or few ip addresses, so using a graylist method with single ip addresses could improve security.

>> 2) if I include an ip address in a whitelist, I become a relay for
>> that ip address because
>> that ip address bypass ALL other filters?
>
> No, because authentication is still required for non-local domains. Spamdyke
> filters are only bypassed if/when the sender authenticates.
>

You are right, I think I had a problem in my configuration files.

Thanks in advance,
dave

Re: [spamdyke-users] Graylite and whitelist problems
I think I can field this one. ;)

Davide D'AMICO wrote:
> Hi,
> I'm using spamdyke and I like it a lot.
> I encountered two problems:
> 1) Isn't more useful to graylist senders using their ip address rather
> than only its
> email address, like this:
> /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ?

Some large (think yahoo, gmail) mailers use server pools. Retries might be sent from a different server, causing a message to be graylisted many times.

Personally, I think it'd be ok to use IPs for a type of whitelist after the IP has passed graylisting. After all, once an IP has passed for one domain/sender, wouldn't it pass for all other domain/senders too? However, this adds another level of complexity (a pre- and a passed- gray list, sometimes referred to as a dual key). If this proved to be a good method, a global whitelist service based on the post-key (simply IP address), sort of like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued such a thing or not. Seems feasible to me though.

> 2) if I include an ip address in a whitelist, I become a relay for
> that ip address because
> that ip address bypass ALL other filters?

No, because authentication is still required for non-local domains. Spamdyke filters are only bypassed if/when the sender authenticates.

> Thanks in advance,
> Davide

--
-Eric 'shubes'

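The server-pool effect described in the message above, as an added example that is not part of the original post and is not spamdyke's code: a small in-memory graylist model keyed either on domain/rcpt/sender or on domain/rcpt/sender/IP, replayed against a retry schedule. The delay values, addresses and schedules are constructed, and the first-seen/minimum-delay rule is an assumed simplification of graylisting in general.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300    # seconds a new key must wait before acceptance (constructed)
MAX_AGE = 86400    # seconds after which an entry expires (constructed)

@dataclass
class Graylist:
    use_ip: bool                      # True: key also includes the client IP
    first_seen: dict = field(default_factory=dict)

    def key(self, rcpt, sender, ip):
        domain = rcpt.rsplit("@", 1)[1].lower()
        base = (domain, rcpt.lower(), sender.lower())
        return base + (ip,) if self.use_ip else base

    def check(self, now, rcpt, sender, ip):
        """Return True to accept, False to defer with a temporary failure."""
        k = self.key(rcpt, sender, ip)
        seen = self.first_seen.get(k)
        if seen is None or now - seen > MAX_AGE:
            self.first_seen[k] = now  # new or expired entry: start the clock
            return False
        return now - seen >= MIN_DELAY

def deliver(gl, attempts, rcpt, sender):
    """Replay (time, ip) attempts; return (deferral count, accept time or None)."""
    deferrals = 0
    for now, ip in attempts:
        if gl.check(now, rcpt, sender, ip):
            return deferrals, now
        deferrals += 1
    return deferrals, None

# Constructed schedules: a pool retrying from a different host each time,
# and a single host retrying from the same address.
SCHEDULES = {
    "pool": [(0, "192.0.2.10"), (600, "192.0.2.11"), (1800, "192.0.2.12"),
             (3600, "192.0.2.10"), (7200, "192.0.2.11")],
    "single": [(0, "198.51.100.7"), (600, "198.51.100.7")],
}

def compare(rcpt="user@example.org", sender="alice@example.com"):
    """Map (schedule name, use_ip) -> (deferrals, accept time)."""
    return {(name, use_ip): deliver(Graylist(use_ip), attempts, rcpt, sender)
            for name, attempts in SCHEDULES.items()
            for use_ip in (False, True)}

if __name__ == "__main__":
    for (name, use_ip), result in compare().items():
        print(f"{name:6} ip_in_key={use_ip!s:5} deferrals, accepted_at = {result}")
```

With the IP in the key, the pooled sender is deferred once per pool host before any host's own retry is old enough to pass; the single-host sender sees no difference between the two keyings.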
[spamdyke-users] Graylite and whitelist problems
Hi,
I'm using spamdyke and I like it a lot.
I encountered two problems:
1) Isn't more useful to graylist senders using their ip address rather than only its email address, like this:
/var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ?
2) if I include an ip address in a whitelist, I become a relay for that ip address because that ip address bypass ALL other filters?

Thanks in advance,
Davide