FWIW: on my private domain, the number of rejected messages is given below.
The postfix mail daemon greylisting on Aug 3: 12 greylistings (3rd parties that not previously send email, blocked for 5 minutes)
The postfix mail daemon rejected messages on Aug 3:
0 relay attempts (mail not for our domains)
1 syntax address error (Illegal address syntax in MAIL or RCPT command)
11 FROM address forgeries (found with address verification)
1 FROM address error (FROM address has nonexistent domain)
0 TO address errors (non-existent user on our domains)
6 spam blocked (spammers that use our domain names in HELO and known
spammers)
31 messages total rejected by the mail serverSpamAssassin does spam checks on mail messages that get through:
2 spams caught by spamassassinYou can see that the volume is low, so maybe not very representative
(although I have these numbers every day).
And that actions on the side of the MTA (greylisting, address verification and very basic HELO verification) do a great job.
On my MTA, I don't need more advanced techniques (now :-).
-Marc
jdow wrote:
It would be fun to take greylisting one step farther than having a built in white list. It should also have a built in black list that leads the greylist tool to become a tarpit toy. This would be engaged automatically if the email is to a nonexistent address within the domain or nonexistent users.
{^_-}
----- Original Message ----- From: "Steve Prior" <[EMAIL PROTECTED]>
Lately I've been noticing that while the amount of spam that gets through SpamAssasin hasn't been too much, the number of entries in my spam folder has doubled or tripled in recent weeks. One spammer I'd especially like to make cry is Casino Zeal which keeps spamming and spamming, almost never gets through to my Inbox, but wastes my bandwidth. I have and like having a wildcard address for my domain, but recently I'm seeing spam sent to one made up address at my domain cc'ed to a list of made up addresses at my domain, so I see lots of copies of the same
spam!
I was thinking of a combination of SpamAssassin and greylisting where once SpamAssassin processed an email and flagged it as spam, the IP address of the received from as well as the subject of the email would be added to a list. The list would be aged somehow.
Here's my idea for processing: When delivery of any new email was attempted, the default would be to not greylist it. However, if the received from IP is on the list OR if the words in the subject line are some percent similar to a line in the list, then it gets greylisted. Anything that gets through the greylisting then goes through SpamAssassin.
My thinking is that this should have a REALLY low number of hams delayed by greylisting, but I'm seeing a lot of repetition in the spam I'm currently getting.
Has anyone already implemented something like this?
Steve
Marc Kool wrote:
greylisting has a small drawback, the delay. After implementation I watched it closely and in my case all legitimate servers sent the message again after 6 minutes or so.
The greylisting for postfix that I use (www.postgrey.org) has a
whitelist
so if you have 24x7 service contract with company ABC and might need to receive *urgent* mails from them, you can whitelist them.
-Marc
--
Met vriendelijke groeten,
Marc Kool Vioro Consultancy
