On 2010-04-01 19:06, Adam Katz wrote:
For what it's worth, I reconfigured my greylisting relay from a
blanket delay to delaying only spamcop neighbors, anything that hits a
DNSBL, and any Windows *desktop* (using p0f).
I once tried that, had had to refrain from it. The groupware system
FirstClass installed on Windows NT+ (of different flavors, including
"desktop" OSes) machines is (or was) popular with swedish disability
NGOs, and beeing an NGO for deafblind people, we need to be able to
communicate those systems.
I probably should analyze our current mail stream to see if we still get
lots of mail from FC systems, and what OSes those seem to be running on
nowadays.
(The fact that admins of above mentioned FirstClass systems tended to
configure outgoing SMTP in "odd" ways also amde m putin some
country/domainbased exemptions...)
If I recall correctly, Jonas's implementation also uses p0f and could
therefore benefit from my analysis.
Yes, my implementation can use p0f. It uses a list of tests that are
checked in order to decide wether a sending system sould be handled by
the grylist or not.
I'm currently using tests for OS (p0f), DNS black- and white-lists,
RDNS, MX, SPF, country (GeoIP), sender domain, local spam/ham history
and local otgoing hitory to make that desicion.
p0f's results with the (perl-compatible) regular expression
/Windows (?:XP|2000(?!SP4)|Vista)/
will safely block only desktops.
Interesting. I hope I'll have time to check that against or logs. It
would nice to have windows desktops greylisted while still beeing able
to exempt windows mail and groupware systems.
Regards
/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/
