> > And spammer are becoming more faster as the time goes on.. Is it > > convenient to use gray listing > > newer bots retry, so GL is only effective is the time > interval is large enough, but that's not a neutral thing so > should be restricted to suspicious mail. That's what I use GL > for anyway.
What do I need to set up GL? Only the command below or there is something other parameter that I could set up (eg: the time spent before a message is accepted and so on)? > the spam you showed has: > > Received: from [125.128.59.158] (unknown [125.128.59.158]) > > > which means the client is "unknown" and it helo'ed with a > literal IP (it's from Korea too but let's ignore this). My > postfix has a check_helo_acces with a pcre: > > /^[/ reject_unknown_client, policy_greylist > > This rejects mail if the client is unknown and helo's with a > literal IP. It's very interesting.. In what restriction do I have to put the rulese above? > I've not seen literal IPs in ham on an MX. Note that this > test must not be applied on an MSA: MUAs like Thunderbird do > helo with a literal IP. Infact.. Indeed I'm not using MSA.. So this complicates the things.. :-( > The test is run before DNSBL checks, so it saves some cycles > and reduces the load on DNSBL sites. these days, the test > catches about 15% of mail rejected at MTA time. > > Note that reject_unknown_client returns a temp error, but > unlike GL, you'll need to whitelist the client if you want to > accept his mail). if this is a real issue, just remove the > reject_unknown_client part and leave the greylisting check. but So you are saying that I have to WL the client that present himself to my server with an IP rather than a hostname? And how I could withelist that client? > of course, this is mostly a temporary cure. if ratware learns > to helo with a hostname, it won't be caught. but let's fight > the spam of today for now ;-p I agree with.. Compliment for your exahustive argumentation.. rocsca