EE, Please have a look at this patch too when you get a chance (not a high priority methinks). I like this one better, as it is implemented nearer the front of the process in qmail-smtp instead of in simscan. I still think a firewall implementation would be best though.
Thanks for looking into these. -------- Original Message -------- Subject: Re: [simscan] [PATCH] Updated greylisting patch for simscan 1.2 Date: Mon, 13 Nov 2006 22:55:26 +0000 From: Gerard Earley <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Organization: Whitecurve To: [EMAIL PROTECTED] References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Eric "Shubes" wrote: > Richard Archer wrote: > >> At 8:10 PM +0100 13/11/06, Florian G. Pflug wrote: >> >> >>> + * Algorithm: When a sender with a source ip for which no record yet exists >>> + * connects, his delivery will fail with a temporary error. >>> + * All following delivery attempts by that sender will fail with >>> + * a temporary error too, until GREYLIST_MIN_DELAY seconds after >>> + * his _first_ attempt. >>> >> The problem with checking only the IP address is that spambots >> work through a list of addresses to spam. So if they try one >> address on your server they get a 451. 5 minutes later they >> try a different address on your server and they get added to >> the whitelist. >> >> The way I set greylisting up is that it checks the IP/From/To >> tuple for retries and once it detects a retry it whitelists >> that IP address. >> >> I still think greylisting should be patched into qmail-smtpd >> so the 451 can be sent after the RCPT command. >> > > I agree. Greylisting should be as far in front of the process as possible, > ideally in the (external) firewall. I sure wish that greylisting was > integrated into IPCop. > > >> ...Richard. >> >> >> >> >> >> > > There is a qmail patch that implements the full ip/to/from triple in qmail during the SMTP phase. Its fairly simple to patch into qmail-smtpd though it does use mysql for storage so some people object to it for that reason. I implement it on every qmail box i admin and it reduces spam by a vast amount. About 99% of spam gets caught by it and I'm not exaggerating. http://www.digitaleveryware.com/projects/greylisting/ -- -Eric 'shubes'
!DSPAM:4558fe2927418441612098!
--------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]