Re: R: R: BIG increase in spam today
On Fri, November 3, 2006 11:53, Giampaolo Tomassoni wrote: > Due to the dynamic nature of this test, I guess that at least in the postfix > case it should need to be somehow embedded into the greylisting server: it > seems postfix doesn't allow to specify more than one policy server in the > check_policy_service directive. can be made with a combo of restriction classes and policy restrictions on postfix, how you do this is your problem :-) -- "This message was sent using 100% recycled spam mails."
R: R: BIG increase in spam today
> Federico Giannici wrote: > > François Rousseau wrote: > >> Greylisting is not always good... > >> > >> The greylisting insert delay in delevery and sometimes the email have > >> to be delever fast. > > > > I don't trust enough DNSBLs to completely block an email only based on > > them. > > > > What about combining BlackListing and GreyListing? > > I'd like to use GreyLists (with long delay) for BlackListed emails only. > > > > Has anybody already implemented it? > > Is there already something able to implement it? > > This was asked on the Postfix list recently: > > http://groups.google.com/group/list.postfix.users/browse_thread/thread/5146269c41c5ca9d > > The best answer was: > > http://www.orangegroove.net/code/marbl/ Great hint! Thanks. --- Giampaolo Tomassoni - IT Consultant Piazza VIII Aprile 1948, 4 I-53044 Chiusi (SI) - Italy Ph: +39-0578-21100 MAI inviare una e-mail a: NEVER send an e-mail to: [EMAIL PROTECTED]
R: R: BIG increase in spam today
> François Rousseau wrote: > > Greylisting is not always good... > > > > The greylisting insert delay in delevery and sometimes the > email have to > > be delever fast. > > I don't trust enough DNSBLs to completely block an email only > based on them. > > What about combining BlackListing and GreyListing? > I'd like to use GreyLists (with long delay) for BlackListed emails only. This is a very interesting idea. Ah, these italian brains! :) > Has anybody already implemented it? I use postfix, and something like that is suggested in the postfix's "SMTP Access Policy Delegation" manual (http://www.postfix.org/SMTPD_POLICY_README.html). See "Greylisting mail from frequently forged domains" in there. That, however, uses a static list of "frequently forged" domains and check_sender_access to enforce greylistin on listed domains. What you suggest is obviously more powerfull. Due to the dynamic nature of this test, I guess that at least in the postfix case it should need to be somehow embedded into the greylisting server: it seems postfix doesn't allow to specify more than one policy server in the check_policy_service directive. So, a postgrey or postgreysql server's code would shurely need to be tuned for this. > Is there already something able to implement it? FWIK, no. --- Giampaolo Tomassoni - IT Consultant Piazza VIII Aprile 1948, 4 I-53044 Chiusi (SI) - Italy Ph: +39-0578-21100 MAI inviare una e-mail a: NEVER send an e-mail to: [EMAIL PROTECTED] > Thanks. > > -- > ___ > __ > |- [EMAIL PROTECTED] > |ederico Giannici http://www.neomedia.it > ___
R: R: BIG increase in spam today
> Da: Marc Perkel [mailto:[EMAIL PROTECTED] > What I do is sort of partial greylisting. If a connection is suspicious > I give them a temp error on my lowest MX but accept them on higher MX > records. So that way most MTA will try a higher MX right away and it > doesn't add much of a delay. Well, it's nice. But expect bots to circumvent this within few months: it's easy. Greylisting works on the assumption that no spammer would waste its precious time by attempting a second time to an smtp server, but they could attempt to a site's higher MXes soon after they get a 4xx from the lowest one... You know: they have to do their dirty work within minutes, or their efforts will be voided by reporting agents and the like (razor, pyzor, dcc, ecc...) or sometimes by the connection provider itself. --- Giampaolo Tomassoni - IT Consultant Piazza VIII Aprile 1948, 4 I-53044 Chiusi (SI) - Italy Ph: +39-0578-21100 MAI inviare una e-mail a: NEVER send an e-mail to: [EMAIL PROTECTED]
R: R: BIG increase in spam today
Greylisting is not always good... The greylisting insert delay in delevery and sometimes the email have to be delever fast. For example: on some public wireless network, you have to register to have access to the internet. You can access internet without authentification for 15 minutes. In this 15 minutes, you have to register in the captive portal and then go confirm your inscription by clicking in a link received by email. If the greylisting insert more then 15 minutes of delay... Yes, this is a well-known argument. The fact is that smtp is designed for reliability, not for low latency. Smtp isn't probably well-suited for a subscription system with such a tight time window. I think technologies like SPF have a better futur. Greylisting is present, not future. SPF is actually not that common... Probably, SPF WILL have a better future. Come on: use the Force! :) François Rousseau 2006/11/2, Giampaolo Tomassoni <[EMAIL PROTECTED] >: > On 11/2/06, Debbie D <[EMAIL PROTECTED] > wrote:> >> > Yes Chris I did notice.. my server was attacked with spam yesterday> > morning.. it was coming from several different ip, so fast I> could not keep> > it quiet > >>> There's been a lot of chatter about this:>> http://it.slashdot.org/article.pl?sid=06/11/01/1321226>> Actually, it's getting to the extent that some at work are raising> questions as to whether our SA setup will be able to maintain adequate> protection from this growing onslaught. However, I have a feeling that > even the appliance vendors are going to be equally hard pressed to> deal with it.Use greylisting: if they're bots, they will not even reach your SA.Greylisting is a force.Use the Force! ---Giampaolo Tomassoni - IT ConsultantPiazza VIII Aprile 1948, 4I-53044 Chiusi (SI) - ItalyPh: +39-0578-21100MAI inviare una e-mail a:NEVER send an e-mail to: [EMAIL PROTECTED]>> Amos