Re: Should I use greylisting
On 29-Jan-2007, at 12:24, [EMAIL PROTECTED] wrote:

> While I generally believe that end users should send thru a smarthost, I also think it is a bad idea to restrict them to the network provider's smarthost. They might prefer to send via their company's SMTP instead

That's what port 587 (preferably with AUTH) is for.

In this day and age it is totally unacceptable for an ISP to allow dynamic IPs access through port 25 to anything but the ISP's mail server. The issue comes with braindead ISPs that block port 25 for users with fixed IPs as well.

--
We will fight for Bovine Freedom and hold our large heads high We will run free with the Buffalo or die
RE: Should I use greylisting
Thanks Mike.

Roughly what percentage of spam gets through? I am a bit worried about blocking people with dynamic IP addresses say from their ISP, if they inherit an IP address recently used by an infected PC they will still be in the RBL and get blocked. Do you get many problems like that? Is it a good idea to block them so early, or should I wait and use the RBLs to score them in SA later in the procmail delivery? Obviously later will use up more CPU but will I get less false rejections?

Greylisting seemed to be a better compromise, it does not reject anything it just adds a delay, this seems better. What do you think?

Thanks
Matthew

-----Original Message-----
From: Mike Jackson [mailto:[EMAIL PROTECTED]
Sent: 29 January 2007 13:08
To: [EMAIL PROTECTED]
Subject: Re: Should I use greylisting

> So in your opinion, what is the best way to reject spam early in the mail delivery, in order to reduce the load on spam assassin.

Here's my anti-spam chain:

1. RBLs. These are the ones I use, in order:
   zen.spamhaus.org
   dynablock.njabl.org
   dsn.rfc-ignorant.org
   bogusmx.rfc-ignorant.org
   bl.spamcop.net

2. SPF milter. But, this blocks very little mail. In fact, so little that I'm wondering why I bother other than that all the cool kids are supporting SPF.

3. SpamAssassin invoked from procmail. I keep my Bayes database well-fed. I use a few rulesets from rulesemporium.com kept up to date with rules_du_jour, but they're not as effective as one would hope. I use razor, though only for checking (I don't report anything at this point). I have the ImageInfo plugin, but it doesn't seem to catch much either.
Re: Should I use greylisting
>>> Until the spammers build in retry into their bots, I'm a firm believer of greylisting.
>>
>> They have. I'm a sys admin at a major hosting provider, and I've seen it in action on at least one customer's box who was using greylisting. Considering spammers have near-infinite resources, it was only a matter of time before they'd either retry delivery on the same message, or simply wait an hour or so and try sending a new message.
>
> But even with some spammers are starting to retry, greylist is still a MAJOR antispam feature, which will block, in my experiences, more than 85-90% of all SPAMs received by the system.

Perhaps now that's the case, but give it a few months until all the spambots out there start paying attention to deferrals and retrying. Greylisting may be effective now, but it's only a matter of time before the spammers learn to adapt, just like they have to everything else.
RE: Should I use greylisting
> I am a bit worried about blocking people with dynamic IP addresses say from their ISP, if they inherit an IP address recently used by an infected PC they will still be in the RBL and get blocked.

Machines on dynamic IPs should not be doing direct-to-MX submission, so block their entire networks with no looking back, eg use spamhaus PBL.

In the spam business, nice, meticulous, conscientious people always get screwed.

The network operators should be blocking access from their subscriber access networks to port 25.

Len
RE: Should I use greylisting
>> I am a bit worried about blocking people with dynamic IP addresses say from their ISP, if they inherit an IP address recently used by an infected PC they will still be in the RBL and get blocked.
>
> Machines on dynamic IPs should not be doing direct-to-MX submission, so block their entire networks with no looking back, eg use spamhaus PBL.
>
> In the spam business, nice, meticulous, conscientious people always get screwed.
>
> The network operators should be blocking access from their subscriber access networks to port 25.

Hi,

this last point means that their customers are bound to use the network operator's smtp for sending. While I generally believe that end users should send thru a smarthost, I also think it is a bad idea to restrict them to the network provider's smarthost. They might prefer to send via their company's SMTP instead

Wolfgang

> Len
Re: Should I use greylisting
[EMAIL PROTECTED] wrote:

>>> I am a bit worried about blocking people with dynamic IP addresses say from their ISP, if they inherit an IP address recently used by an infected PC they will still be in the RBL and get blocked.
>>
>> Machines on dynamic IPs should not be doing direct-to-MX submission, so block their entire networks with no looking back, eg use spamhaus PBL.
>>
>> In the spam business, nice, meticulous, conscientious people always get screwed.
>>
>> The network operators should be blocking access from their subscriber access networks to port 25.
>
> Hi, this last point means that their customers are bound to use the network operator's smtp for sending. While I generally believe that end users should send thru a smarthost, I also think it is a bad idea to restrict them to the network provider's smarthost. They might prefer to send via their company's SMTP instead

...which is exactly the reason SMTP Auth operating over port 587 exists.

Steve
Re: Should I use greylisting
Mike Jackson wrote:

>> Until the spammers build in retry into their bots, I'm a firm believer of greylisting.
>
> They have. I'm a sys admin at a major hosting provider, and I've seen it in action on at least one customer's box who was using greylisting. Considering spammers have near-infinite resources, it was only a matter of time before they'd either retry delivery on the same message, or simply wait an hour or so and try sending a new message.

But even with some spammers are starting to retry, greylist is still a MAJOR antispam feature, which will block, in my experiences, more than 85-90% of all SPAMs received by the system.

I use policyd (http://policyd.sourceforge.net) as my greylist daemon. It allows me to build blacklists based on reverse DNS of the hosts, so I built some blacklists for getting DSL/cable/dynamic/dialup/shitty networks worldwide. I also have built a whitelist based also on reverse DNSs, which allows me to completely whitelist all major ISPs worldwide and companies in my country (Brazil), thus achieving a 'no-greylist-delay' situation for a great amount of messages sent by real servers.

With that, I'm pretty convinced that a HUGE amount of SPAMs are getting stopped on greylist level, avoiding those messages to reach 'heavier' antispam features after greylist, like SpamAssassin for example. With whitelists, messages delay are not a big problem for the users, because I successfully whitelist all major ISPs in my country.

--
Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email [EMAIL PROTECTED]
My SPAMTRAP, do not email it
Re: Should I use greylisting
Adding my 0.2€ to the discussion... I use qgreylist, which enables us to (if properly configured) block whole /24 networks instead of single hosts. Of course, I'm using qmail, so this is a qmail solution. I've successfully integrated greylisting with A/V scanning and SA processing in the incoming relays where you expect a little delay, and by doing so I've diminished the perception of the incoming first message wait time. Regards, Ricardo Oliveira http://apache.weblog.com.pt/
Re: Should I use greylisting
> Until the spammers build in retry into their bots, I'm a firm believer of greylisting.

They have. I'm a sys admin at a major hosting provider, and I've seen it in action on at least one customer's box who was using greylisting. Considering spammers have near-infinite resources, it was only a matter of time before they'd either retry delivery on the same message, or simply wait an hour or so and try sending a new message.
Re: Should I use greylisting
You shouldn't have told them you were delaying any email. After the first message there are no further delays and my bet is that they wouldn't have noticed anything unless you pointed it out.

I have found greylisting is quite capable of removing 50% of the spam before I even have to process it on my servers. If you have the horsepower for it you don't need to do this greylisting...

On Jan 25, 2007, at 8:19 AM, Steven Stern wrote:

> Matthew Bickerton wrote:
>> Thanks, but does this mean I have to keep/maintain a list of all the mail farms. Keeping this list up to date sounds horrid/impossible.
>>
>> Matthew
>>
>> -----Original Message-----
>> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
>> Sent: 25 January 2007 12:49
>> To: users@spamassassin.apache.org
>> Subject: Re: Should I use greylisting
>>
>> Check out http://policyd.sourceforge.net/ then as it allows you to specify Servers/IP that should not be greylisted. Works very well.
>>
>> On Thu, 25 Jan 2007 12:33:19 - Matthew Bickerton [EMAIL PROTECTED] wrote:
>>
>> Hi, I am setting up a new server, so have a chance to make big changes to my email server. I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) I would very much appreciate other people's recommendations on Greylisting or other approaches to reducing the load on my server by rejecting spam early.
>
> I tried out greylisting for several months for a select group of users using greylist-milter. Their unanimous opinion was that they wanted to receive mail instantly. The 10 - 60 minute delay for first-time senders was unacceptable. The reduction in spam was not noticeable as we get great results using a combination of ClamAV and SpamAssassin with a global bayes filter and many RDJ rules.
> -- Steve
Re: Should I use greylisting
On Thu, 25 Jan 2007, Chris Purves wrote:

> Matthew Bickerton wrote:
>> I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.)
>
> You could compromise by greylisting based on blocklists (such as spamhaus, etc.).

You could also take care of this by greylisting on the /24 netblock instead of the /32 address. Most greylisters support this these days, and it eliminates retry problems with large mx pools.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

Never send mail to [EMAIL PROTECTED]
Re: Should I use greylisting
Steven W. Orr wrote:

> I'm running sendmail and I want a good greylist that uses a mysql database.

My selective greylist implementation uses MySQL or SQLite, but it is implemented in a MIMEDefang filter so if you don't use MIMEDefang you might not find it useful. It's at http://whatever.frukt.org/mimedefangfilter.text.shtml.

Regards
/Jonas

--
Jonas Eckerman, FSDB Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
Re: Should I use greylisting
Magnus Holmgren wrote:

> On Friday 26 January 2007 03:21, uNiXpSyChO wrote:
>> Chris Purves wrote:
>>> Personally, I didn't like the added delay for first-time mails, which is why I chose to greylist only on blocklists, but for a minimal effort my spam was significantly reduced. Hope that helps.
>>
>> what are you using to greylist based on blocklists?
>
> Judging from his presence on the Exim-related mailing lists he is probably using the Exim MTA and its ACL facilities.

Yes, that's what I'm doing. Exim + greylistd.

--
Chris
Should I use greylisting
Hi, I am setting up a new server, so have a chance to make big changes to my email server. I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) I would very much appreciate other people's recommendations on Greylisting or other approaches to reducing the load on my server by rejecting spam early. Matthew
Re: Should I use greylisting
Check out http://policyd.sourceforge.net/ then as it allows you to specify Servers/IP that should not be greylisted. Works very well.

On Thu, 25 Jan 2007 12:33:19 - Matthew Bickerton [EMAIL PROTECTED] wrote:

> Hi, I am setting up a new server, so have a chance to make big changes to my email server. I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) I would very much appreciate other people's recommendations on Greylisting or other approaches to reducing the load on my server by rejecting spam early.
>
> Matthew

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
RE: Should I use greylisting
Thanks, but does this mean I have to keep/maintain a list of all the mail farms. Keeping this list up to date sounds horrid/impossible.

Matthew

-----Original Message-----
From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
Sent: 25 January 2007 12:49
To: users@spamassassin.apache.org
Subject: Re: Should I use greylisting

Check out http://policyd.sourceforge.net/ then as it allows you to specify Servers/IP that should not be greylisted. Works very well.

On Thu, 25 Jan 2007 12:33:19 - Matthew Bickerton [EMAIL PROTECTED] wrote:

> Hi, I am setting up a new server, so have a chance to make big changes to my email server. I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) I would very much appreciate other people's recommendations on Greylisting or other approaches to reducing the load on my server by rejecting spam early.
>
> Matthew
Re: Should I use greylisting
You can use wildcards :)

On Thu, 25 Jan 2007 12:58:51 - Matthew Bickerton [EMAIL PROTECTED] wrote:

> Thanks, but does this mean I have to keep/maintain a list of all the mail farms. Keeping this list up to date sounds horrid/impossible.
>
> Matthew
>
> -----Original Message-----
> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
> Sent: 25 January 2007 12:49
> To: users@spamassassin.apache.org
> Subject: Re: Should I use greylisting
>
> Check out http://policyd.sourceforge.net/ then as it allows you to specify Servers/IP that should not be greylisted. Works very well.
>
> On Thu, 25 Jan 2007 12:33:19 - Matthew Bickerton [EMAIL PROTECTED] wrote:
>
>> Hi, I am setting up a new server, so have a chance to make big changes to my email server. I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) I would very much appreciate other people's recommendations on Greylisting or other approaches to reducing the load on my server by rejecting spam early.
>>
>> Matthew
Re: Should I use greylisting
Matthew Bickerton wrote:

> Thanks, but does this mean I have to keep/maintain a list of all the mail farms. Keeping this list up to date sounds horrid/impossible.
>
> Matthew
>
> -----Original Message-----
> From: --[ UxBoD ]-- [mailto:[EMAIL PROTECTED]
> Sent: 25 January 2007 12:49
> To: users@spamassassin.apache.org
> Subject: Re: Should I use greylisting
>
> Check out http://policyd.sourceforge.net/ then as it allows you to specify Servers/IP that should not be greylisted. Works very well.
>
> On Thu, 25 Jan 2007 12:33:19 - Matthew Bickerton [EMAIL PROTECTED] wrote:
>
> Hi, I am setting up a new server, so have a chance to make big changes to my email server. I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) I would very much appreciate other people's recommendations on Greylisting or other approaches to reducing the load on my server by rejecting spam early.

I tried out greylisting for several months for a select group of users using greylist-milter. Their unanimous opinion was that they wanted to receive mail instantly. The 10 - 60 minute delay for first-time senders was unacceptable. The reduction in spam was not noticeable as we get great results using a combination of ClamAV and SpamAssassin with a global bayes filter and many RDJ rules.

--
Steve
Re: Should I use greylisting
On Thursday, Jan 25th 2007 at 12:49 -, quoth --[ UxBoD ]--:

=Check out http://policyd.sourceforge.net/ then as it allows you to
=specify Servers/IP that should not be greylisted. Works very well.
=

I know this is the wrong place to discuss this, but since I didn't start it, I'm taking advantage.

The policyd link above is for postfix. What I'd like doesn't seem to exist that I know of, and I'd like to know if someone maybe has a pointer.

I'm running sendmail and I want a good greylist that uses a mysql database. There are all sorts of things out there but they're not dbms based.

Anyone?
Re: Should I use greylisting
On Thu, 25 Jan 2007 11:56:47 -0500 (EST) Steven W. Orr [EMAIL PROTECTED] wrote:

> On Thursday, Jan 25th 2007 at 12:49 -, quoth --[ UxBoD ]--:
>
> =Check out http://policyd.sourceforge.net/ then as it allows you to
> =specify Servers/IP that should not be greylisted. Works very well.
> =
>
> I know this is the wrong place to discuss this, but since I didn't start it, I'm taking advantage.
>
> The policyd link above is for postfix. What I'd like doesn't seem to exist that I know of, and I'd like to know if someone maybe has a pointer.
>
> I'm running sendmail and I want a good greylist that uses a mysql database. There are all sorts of things out there but they're not dbms based.
>
> Anyone?

try here :- http://www.greylisting.org/
Re: Should I use greylisting
Steven W. Orr [EMAIL PROTECTED] wrote:

> I'm running sendmail and I want a good greylist that uses a mysql database. There are all sorts of things out there but they're not dbms based.

Relaydelay (http://projects.puremagic.com/greylisting/downloads.html) is the only Sendmail greylister I know of that uses MySQL

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

Never send mail to [EMAIL PROTECTED]
RE: Should I use greylisting
I am using postgrey which allows for whitelisting of address ranges, specific IPs, etc. I implemented it on the Thanksgiving weekend so it could build up its triplet database before hitting the work week email and I've not had a single person complain. On the flip side, I very rarely see spam come through that isn't sent to postmaster@ which is whitelisted.

Until the spammers build in retry into their bots, I'm a firm believer of greylisting.

Dylan

-----Original Message-----
From: Matthew Bickerton [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 25, 2007 7:33 AM
To: users@spamassassin.apache.org
Subject: Should I use greylisting

Hi,

I am setting up a new server, so have a chance to make big changes to my email server. I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.) I would very much appreciate other people's recommendations on Greylisting or other approaches to reducing the load on my server by rejecting spam early.

Matthew
Re: Should I use greylisting
Matthew Bickerton wrote:

> I have been thinking about implementing Greylisting. However, I am worried about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.)

You could compromise by greylisting based on blocklists (such as spamhaus, etc.). This would free up some resources by rejecting a fair amount of mail that would otherwise go to spamassassin. For my setup (consisting of two users), greylisting with this method eliminates half of spam that would have otherwise gone to spamassassin. (about 250/500 per week). It also means that you can greatly increase the greylist time to several hours or even a day since it would be unlikely that legit e-mail would be greylisted, but if it was it would still get through, although quite delayed.

Of course if you are using blocklists for blocking...then that wouldn't help.

You can also add a whitelist to bypass the greylisting for large mail servers.

Personally, I didn't like the added delay for first-time mails, which is why I chose to greylist only on blocklists, but for a minimal effort my spam was significantly reduced.

Hope that helps.

--
Chris
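The two variants suggested in this thread, keying the greylist on the sender's /24 instead of the /32 so that retries from a large MX pool still match, and greylisting only clients found on a blocklist (with a whitelist bypass and a long delay), behave as follows. This is an added example, not code from any poster or from policyd, postgrey or greylistd; the `Greylist` class, the `is_listed` hook, the delays and the sample addresses are assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Optional

def dnsbl_query_name(ip: str, zone: str) -> str:
    """DNS name an RBL lookup resolves: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

@dataclass
class Greylist:
    delay: int = 600       # seconds before a retry is accepted (assumed value)
    prefix: int = 24       # 24 = key on the sender's /24, 32 = exact address
    whitelist: list = field(default_factory=list)   # networks never greylisted
    # Hypothetical hook, ip -> bool, standing in for a real DNSBL lookup of
    # dnsbl_query_name(ip, zone). None means "greylist everyone"; set it to
    # greylist only clients that are on a blocklist.
    is_listed: Optional[Callable[[str], bool]] = None
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt

    def check(self, ip: str, sender: str, rcpt: str, now: int) -> int:
        """Return the SMTP reply code for this RCPT: 250 accept, 451 defer."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return 250
        if self.is_listed is not None and not self.is_listed(ip):
            return 250
        net = ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
        triplet = (str(net), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        return 250 if now - first >= self.delay else 451

# Constructed sample traffic (documentation address ranges, made-up names).
FARM_A, FARM_B = "198.51.100.10", "198.51.100.27"   # two hosts in one MX pool
MSG = ("alice@example.org", "bob@example.net")

def mx_pool_retry(prefix: int) -> list:
    """First attempt from one pool host, retry 15 min later from another."""
    g = Greylist(prefix=prefix)
    return [g.check(FARM_A, *MSG, now=0), g.check(FARM_B, *MSG, now=900)]

def selective(listed_ips: set) -> list:
    """Greylist only blocklisted clients, with a long (4 h) delay."""
    g = Greylist(delay=4 * 3600, is_listed=lambda ip: ip in listed_ips,
                 whitelist=[ipaddress.ip_network("192.0.2.0/24")])
    return [
        g.check("198.51.100.10", *MSG, now=0),       # not listed: no delay
        g.check("203.0.113.5", *MSG, now=0),         # listed: deferred
        g.check("203.0.113.5", *MSG, now=3600),      # retried too early
        g.check("203.0.113.5", *MSG, now=5 * 3600),  # retried after the delay
        g.check("192.0.2.77", *MSG, now=0),          # whitelisted network
    ]

if __name__ == "__main__":
    print(dnsbl_query_name("203.0.113.5", "zen.spamhaus.org"))
    print("/32 keying:", mx_pool_retry(32))
    print("/24 keying:", mx_pool_retry(24))
    print("selective :", selective({"203.0.113.5"}))
```

With /32 keying the retry from the second pool host starts a new triplet and is deferred again; with /24 keying it matches the first attempt and is accepted.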
Re: Should I use greylisting
Chris Purves wrote:

> Matthew Bickerton wrote:
>> ...snip...
>
> Personally, I didn't like the added delay for first-time mails, which is why I chose to greylist only on blocklists, but for a minimal effort my spam was significantly reduced. Hope that helps.

what are you using to greylist based on blocklists?
Re: Should I use greylisting
On Friday 26 January 2007 03:21, uNiXpSyChO wrote:

> Chris Purves wrote:
>> Personally, I didn't like the added delay for first-time mails, which is why I chose to greylist only on blocklists, but for a minimal effort my spam was significantly reduced. Hope that helps.
>
> what are you using to greylist based on blocklists?

Judging from his presence on the Exim-related mailing lists he is probably using the Exim MTA and its ACL facilities.

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)

Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack) -- Dave Evans

---BeginMessage---
Marc Haber wrote:

> On Tue, Jan 16, 2007 at 01:57:38PM -0700, Chris Purves wrote:
>> I am having difficulties getting AUTH to work for remote connections. I have had it working in the past, but don't normally use my server for sending e-mail because it has a dynamic IP. Yesterday I found that it doesn't seem to be working at all. I have tried with Thunderbird and Opera to send e-mail, both say something the server is not accepting SMTP connections or is not set up properly.
>
> Any chance that your ISP might be blocking incoming port 25? Does submission on port 587 have the same problem?

The problem was along these lines. Port 25 seems to be blocked for outgoing on the network I was testing the e-mail client. I added listening on port 587 for situations like that and everything is working now; or rather it was always working and I just now realised it. Thanks for pointing out the most obvious reason. It could have taken weeks for my brain to turn on.

>> I also found that when using telnet remotely, the welcome banner was very slow to come up ~60s. I set rfc1413_query_timeout = 0s to get around that.
>
> If that didn't help, you might be experiencing DNS issues. If it helped, I have no idea because rfc1413 timeout was always shorter than 30 seconds.

Yes, you're right. I reset to 30s and from some hosts it takes about 35s and from others about 3s. I must have made a mistake when I measured 60s. I have set the timeout to 5s, which I think is the default for exim 4.6 (I have 4.5). Thanks again.

--
Chris

___
Pkg-exim4-users mailing list
[EMAIL PROTECTED]
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
---End Message---
Re: Should I use greylisting
Shaun T. Erickson wrote:

>>> Personally, I didn't like the added delay for first-time mails, which is why I chose to greylist only on blocklists, but for a minimal effort my spam was significantly reduced.
>>
>> what are you using to greylist based on blocklists?
>
> I use maRBL. The latest version lets me greylist (I use sqlgrey, but there are others) anyone who is found on whatever RBLs I configure it to check, and any connection that comes from a Windows box (the vast majority of which are botnet zombies). It has had an immense impact on the amount of spam that gets through to be looked at by SA clamav. I've been very happy with it.

hmm. these two look like they're only for postfix. darn. was hoping for a Sendmail version and a SQL plugin.