[Mimedefang] greylist implemenation

Sorry I missed this in the digest, but, that's a link to something I wrote. We've been doing greylisting out of MIMEDefang for about ten months. It seems to be working well. The initial coding and testing took some time, but since we put it into production, I haven't had to devote much time

Re: [Mimedefang] greylist implemenation

Hi. Only one to use ;-) Emmanuel Dreyfus (the owner) frequently is seen on the greylist mailing list, too. Been using this for years, it works. You need to tweak it a little and make sure that you whitelist the mailing servers that have a "rather low frequency" ;-) of retrying. (in my case som

Re: [Mimedefang] greylist implemenation

Am 26.03.2010 um 11:59 schrieb Marcus: http://hcpnet.free.fr/milter-greylist/ May be OT, but any experiences with this filter? Works fine for me too. But I have a small mail server with ca 300 mail addresses. I have 3 milter to minimize the load of milter-greylist and the mail server:

Re: [Mimedefang] greylist implemenation

Am Fr, 26.03.2010, 11:59 schrieb Marcus: > > http://hcpnet.free.fr/milter-greylist/ > > May be OT, but any experiences with this filter? Works fine here on two servers. Reasonably easy to set up, and no problems so far. HTH Tilman ___ NOTE: If ther

Re: [Mimedefang] greylist implemenation

Hi, Am Freitag, den 26.03.2010, 12:37 +1100 schrieb Jobst Schmalenbach: > If you use sendmail or postgres you can do that with > a milter, very simple install. I'm running sendmail on Debian/Lenny. I used milter-gris from snert.com for years, but would like to change now, because this milter isn'

Re: [Mimedefang] greylist implemenation

2010/3/26 Jobst Schmalenbach : > > If you use sendmail or postgres you can do that with > a milter, very simple install. > Or with spamd if you use a bsd system http://www.openbsd.org/spamd/ ___ NOTE: If there is a disclaimer or other legal boilerplate

Re: [Mimedefang] greylist implemenation

If you use sendmail or postgres you can do that with a milter, very simple install. I am not sure whether that is actually the best option as all the info you need is given to the receiving server at connection time (mailserver, domain, sender, recipient) and doing this in mimedefang adds overhea

[Mimedefang] greylist implemenation

Hi, could someone post a working greylist implemenation within mimedefang? Thanks, Marcus ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and

Re: [Mimedefang] Greylist-busting ratware?

On 19/04/2006, at 12:23 PM, David F. Skoll wrote: Anyone else seeing this? We see it quite a lot, and always from cable modem or DSL machines (probably cracked Windoze boxes.) i haven't had time to do the forensics yet but i'm definitely of the opinion that greylist aint working so well

Re: [Mimedefang] Greylist-busting ratware?

[EMAIL PROTECTED] wrote: ... in which case you can infer that they're infected, and the problem has gone from a technical one to a business one. Do you cut off the customer's access, fix their infection, send them a warning note... ? I would think it depends on who you are... an ISP, a comp

RE: [Mimedefang] Greylist-busting ratware?

WBrown wrote: > Are the credentials really stolen, or is the ratware actually using > the credentials that belong on the zombied computer. I would bet the > later. User changes password without cleaning off the infection and > goes right back to sending spam. ... in which case you can infer that

RE: [Mimedefang] Greylist-busting ratware?

[EMAIL PROTECTED] wrote on 04/21/2006 02:05:52 PM: > I see this as a good thing. You can tie the spam back to a > particular user. They change their password, and the ratware is blocked. Are the credentials really stolen, or is the ratware actually using the credentials that belong on the z

RE: [Mimedefang] Greylist-busting ratware?

John Rudd wrote: > On Apr 20, 2006, at 16:34, nathan r. hruby wrote: >> - Inbound ratware using SMTP AUTH to authenticate as a real user > > Hm. We haven't seen this at all yet. That's not a good sign. I see this as a good thing. You can tie the spam back to a particular user. They change th

Re: [Mimedefang] Greylist-busting ratware?

--On Friday, April 21, 2006 9:30 -0400 "nathan r. hruby" <[EMAIL PROTECTED]> wrote: - Inbound ratware using SMTP AUTH to authenticate as a real user Hm. We haven't seen this at all yet. That's not a good sign. Yeah. We were *thrilled* to see this happening. *Thrilled* I tell you.

Re: [Mimedefang] Greylist-busting ratware?

On Thu, 20 Apr 2006, John Rudd wrote: On Apr 20, 2006, at 16:34, nathan r. hruby wrote: - ratware infected boxen on campus use campus relays which relay by IP. They spew, we queue. Badness for everyone. We no longer have our student-residential IP block in our relay domain for this reas

Re: [Mimedefang] Greylist-busting ratware?

On Apr 20, 2006, at 16:34, nathan r. hruby wrote: - ratware infected boxen on campus use campus relays which relay by IP. They spew, we queue. Badness for everyone. We no longer have our student-residential IP block in our relay domain for this reason. They were, by far, our biggest sour

Re: [Mimedefang] Greylist-busting ratware?

Sorry for the delayed reply... On Tue, 18 Apr 2006, David F. Skoll wrote: Hi, I think greylisting is nearing the end of its useful life. I'm noticing a new kind of ratware that retries every 5 minutes like clockwork, mutating message bodies. Our CanIt software tempfails mail until it's appro

Re: [Mimedefang] Greylist-busting ratware?

On 18 Apr 2006 at 22:23, David F. Skoll wrote: > For example: > > http://www.roaringpenguin.com/canit/showtrap.php?o=71.0.177.139&status=spam > > (Login/password = demo/demo) > > Anyone else seeing this? Yeah, I get some...it's that stock spam, right? The funny thing is that I haven't seen *a

[Mimedefang] Greylist-busting ratware?

Hi, I think greylisting is nearing the end of its useful life. I'm noticing a new kind of ratware that retries every 5 minutes like clockwork, mutating message bodies. Our CanIt software tempfails mail until it's approved by a human, and this mechanism has the side-effect of illuminating ratware

RE: [Mimedefang] Greylist Exclusions

2006 3:43 PM To: mimedefang@lists.roaringpenguin.com Subject: [Mimedefang] Greylist Exclusions Hi, I have been running a Mimedefang Integrated MySQL variation of greylisting now for the past 3-4 months, which has dropped the amount of SPAM we have to reject after the DATA phase by 3 quarters! Howeve

[Mimedefang] Greylist Exclusions

Hi, I have been running a Mimedefang Integrated MySQL variation of greylisting now for the past 3-4 months, which has dropped the amount of SPAM we have to reject after the DATA phase by 3 quarters! However, I am getting requests from users who want to have particular sender domains excluded f

Re: [Mimedefang] Greylist with shared data

On 1/3/2006 21:38, Roland Pope wrote: > I have tried two seperate ISP's and still no joy. I wonder if this is a > location specific problem? Maybe the coral cache will work? ~Jason -- ___ NOTE: If t

Re: [Mimedefang] Greylist with shared data

- Original Message - From: "Gary Funck" <[EMAIL PROTECTED]> I notice that a number of people have implemented John Kirkland's MySQL greylist implementation from http://www.bl.org/~jpk/md-greylist, but his website appears to be no longer available?? Try again. Seems to be working just n

RE: [Mimedefang] Greylist with shared data

> > I notice that a number of people have implemented John Kirkland's MySQL > greylist implementation from http://www.bl.org/~jpk/md-greylist, but his > website appears to be no longer available?? Try again. Seems to be working just now. - Gary ___

[Mimedefang] Greylist with shared data

Hi, I notice that a number of people have implemented John Kirkland's MySQL greylist implementation from http://www.bl.org/~jpk/md-greylist, but his website appears to be no longer available?? Does anyone on this list have a mimedefang filter based greylist implementation that allows me to sha

Re: [Mimedefang] Greylist DB addition fails silently?

On Wed, 23 Jun 2004, Justin wrote: > > I would be very interested in a copy of this as I have wanted to use > > greylists, but needed to have a shared DB as I have multiple MX's. > Be careful with single point of failure. I believe many here have noted > that it's better to just have an independe

Re: [Mimedefang] Greylist DB addition fails silently?

On Thu, 24 Jun 2004, Roland Pope wrote: - Original Message - From: "Justin" <[EMAIL PROTECTED]> I have modified Steven Rocha's implementation (http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020126.html) which I believe is a modification of Jonas' implementation. My mod

RE: [Mimedefang] Greylist DB addition fails silently?

Paul Murphy said: > Hmm, I was afraid that would be the answer... The database fell over at > 9212 > keys, and when I created a new version, is OK. MySQL would be relatively > simple, but the hassle of having to work out the connection details with > the > multiplexor is something I had hoped t

Re: [Mimedefang] Greylist DB addition fails silently?

- Original Message - From: "Justin" <[EMAIL PROTECTED]> > I have modified Steven Rocha's implementation > (http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020126.h tml) > which I believe is a modification of Jonas' implementation. My modified > version uses a PostgreSQL

Re: [Mimedefang] Greylist DB addition fails silently?

On Wed, 23 Jun 2004, David F. Skoll wrote: On Wed, 23 Jun 2004, -ray wrote: Yes i saw very similar problems when trying to implement greylisting using Jonas' code. I ended up NOT using greylisting because of this problem, I've had endless problems with Berkeley DB and Perl. Our greylisting imp

RE: [Mimedefang] Greylist DB addition fails silently?

On Wed, 23 Jun 2004, Paul Murphy wrote: > Presumably if making the DBI connection and all of the SQL prepare > statements are done in filter_initialize, and the database is closed > in filter_cleanup, then it should all work OK using DBI execute > statements in the main filter code? Yes. I usual

RE: [Mimedefang] Greylist DB addition fails silently?

> I've had endless problems with Berkeley DB and Perl. Our greylisting > implementation uses PostgreSQL; I'm sure it wouldn't be too hard to > write a DBI version that can use MySQL or PostgreSQL. Hmm, I was afraid that would be the answer... The database fell over at 9212 keys, and when I creat

Re: [Mimedefang] Greylist DB addition fails silently?

On Wed, 23 Jun 2004, -ray wrote: > Yes i saw very similar problems when trying to implement greylisting using > Jonas' code. I ended up NOT using greylisting because of this problem, I've had endless problems with Berkeley DB and Perl. Our greylisting implementation uses PostgreSQL; I'm sure it

Re: [Mimedefang] Greylist DB addition fails silently?

On Wed, 23 Jun 2004, Paul Murphy wrote: > I wrote a script to add an entry to the database. It ran, and reported that it > had successfully written the record, but on a search immediately afterwards, no > record was found. I changed the DB filename to /tmp/test, and it worked OK... > > Has anyo

[Mimedefang] Greylist DB addition fails silently?

Hi, I've been running Jonas' greylisting code from http://whatever.frukt.org/mimedefang-filter.shtml#mimedefang-filter for some time with good experiences to date - greylisting cuts out something like 95% of spam without any scanning overhead, although I've discovered some badly behaved mail syste

RE: [Mimedefang] Greylist cleaner script problem

On 26 May 2004 at 17:44, Paul Murphy wrote: > Todd, > > > I am trying to use a slightly modified version of the greylist > > cleaner perl script that is found on Jonas Eckerman's web page to > > clean up my greylist database file. It runs okay, and gives me > > valid results, but does not change

RE: [Mimedefang] Greylist cleaner script problem

Todd, > I am trying to use a slightly modified version of the greylist > cleaner perl script that is found on Jonas Eckerman's web page to > clean up my greylist database file. It runs okay, and gives me valid > results, but does not change my database file at all. Here is what > my script f

[Mimedefang] Greylist cleaner script problem

like. #!/usr/bin/perl -ws # use DB_File; use Fcntl ':flock'; use Benchmark; $gdb_white = 36*24*60*60; $gdb_grey = 36*60*60; $DBFilename = "/var/spool/MIMEDefang-Greylist-DB/.greylistdb"; sub lock_db () { print ("Locking file..."); open(LOCKFILE

RE: [Mimedefang] greylist db size limit?

Gary, > Ok, let's just say that you never quite got around to running > the greylist db cleaner. Is there a limit to the size that > the greylist db can get? Mine suspiciously seems to have > topped out at 1024, and didn't seem to want to get any bigger There's no hardcoded size limit as

[Mimedefang] greylist db size limit?

Ok, let's just say that you never quite got around to running the greylist db cleaner. Is there a limit to the size that the greylist db can get? Mine suspiciously seems to have topped out at 1024, and didn't seem to want to get any bigger (and in fact, I had some mail that kept bouncing

[Mimedefang] Greylist

Hi, I found the greylist implementation at http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020126.html very useful, and I made a little change to support a greylist 'whitelist'. My intention is to not apply the greylist rules to local or trusted ip. The white list is a BDB f

Re: [Mimedefang] greylist filter error

Xiaoyan Ma said: > mimedefang-multiplexor: [ID 980602 mail.info] Slave 4 stderr: Use of > uninitialized value in numeric eq (==) at /etc/mail/mimedefang-filter line > 141, line 35. > > Here is the related part of code: > > lock_db(); > tie %hash, 'DB_File', $DBFilename; > my $ret =

[Mimedefang] greylist filter error

I borrowed David and Lucas' greylist code and tested on one box first it didn't generate any error but when implemented the same filter to another box I got the following error message in the log: mimedefang-multiplexor: [ID 980602 mail.info] Slave 4 stderr: Use of uninitialized value in numeri

Re: [Mimedefang] Greylist TEMPFAILS being viewed as 5.x.x PERM fails?

On Wed, 28 Jan 2004 14:14:34 -0500, Cormack, Ken wrote: > It seems that RFC brain-dead mailers are out there, that interpret > a tempfail as if it were a 5.x.x permanent failure, and the > failure is being handed back to the sending user's MUA. Yep, they are. And with stupid error messages as

Re: [Mimedefang] Greylist TEMPFAILS being viewed as 5.x.x PERM fails?

On Wed, 28 Jan 2004, David F. Skoll wrote: > On Wed, 28 Jan 2004, Cormack, Ken wrote: > > > It seems that RFC brain-dead mailers are out there, that interpret a > > tempfail as if it were a 5.x.x permanent failure, and the failure is being > > handed back to the sending user's MUA. > > No, what's

RE: [Mimedefang] Greylist TEMPFAILS being viewed as 5.x.x PERM fa ils?

o: '[EMAIL PROTECTED]' Subject: Re: [Mimedefang] Greylist TEMPFAILS being viewed as 5.x.x PERM fails? On Wed, 28 Jan 2004, Cormack, Ken wrote: > It seems that RFC brain-dead mailers are out there, that interpret a > tempfail as if it were a 5.x.x permanent failure, and the failure

Re: [Mimedefang] Greylist TEMPFAILS being viewed as 5.x.x PERM fails?

On Wed, 28 Jan 2004, Cormack, Ken wrote: > It seems that RFC brain-dead mailers are out there, that interpret a > tempfail as if it were a 5.x.x permanent failure, and the failure is being > handed back to the sending user's MUA. No, what's going on is that the brain-dead senders receive 4xx for

[Mimedefang] Greylist TEMPFAILS being viewed as 5.x.x PERM fails?

List, Quite some time ago, we implimented greylisting, based on code snippets posted here by various people. I'd like to share a problem we're having, to see if it rings a bell with anyone on this list. When a triplet is first encountered, we tempfail the message and add the triplet to the datab