Hi Sarah,
On 3/28/2013 10:52 AM, Sarah Caswell wrote:
>
> I had a question about greylisting (with spamd) in production.
>
> I've successfully run spamd on firewalls (as a frontend to either
> barracuda or SpamAssassin) and have really liked the reduction in SPAM
> volume.
>
> Unfortunately my employer's wife does not like the delays that this
> introduces into our mail delivery, since she uses email for quick
> turn-around communication.
>
> The main problem occurs with senders like Gmail, yahoo, hotmail, etc.
> ...i.e. all the senders that have large farms of smtp servers from
> which they can retry delivery after initial greylisting delay.
>
> I know this means I'm not doing proper whitelisting of those major
> sender domains, but I'm at a loss on how to best construct and
> maintain such a whitelist.
>
> Are there any up-to-date lists that already track the MTAs of these
> large mail providers?
>
> Or will this mostly be a DIY effort on my part?
>
> Any thoughts/insights/experiences would be greatly appreciated.
I understand this email is about spamd(8), but I would like to mention
milter-greylist though, I think it is worth for people searching the net
for such a problem. You can build a ruleset to decide what you want to
whitelist/greylist/blacklist. The documentation is good enough,
sometimes a little bit terse, but you basically end up with a ruleset
like this which is pretty straightforward to understand and powerfull
enough:
% #
% # System config boilerplate skipped
% ...
%
% #
% # Some definitions.
% list "my network" addr { \
% 127.0.0.1/8 \
% 10.0.0.0/8 \
% 1.2.3.4 \ # MX 1
% 5.6.7.8 \ # MX 2
% }
% # provided by default
% list "broken mta" addr { \
% 12.5.136.141/32 \ # Southwest Airlines (unique sender)
% 12.5.136.142/32 \ # Southwest Airlines
% ...
% }
% dnsrbl "SPL-XBL" zen.spamhaus.org 127.0.0.0/29
% dnsrbl "PBL" zen.spamhaus.org 127.0.0.10/31
%
% #
% # Now the ruleset
% racl whitelist list "my network"
% racl whitelist list "broken mta"
% racl whitelist domain freebsd.org
% racl whitelist domain openbsd.org
% racl blacklist dnsrbl "SPL-XBL" msg "Sorry, refused by SPL/XBL"
% racl whitelist spf pass
% racl blacklist spf fail msg "Sorry, your IP is refused by SPF"
% racl greylist dnsrbl "PBL" delay 30m autowhite 3d msg "Please retry later
minutes, you are caught by PBL"
% racl greylist default delay 5m autowhite 15d
As a bonus, you can synchronize the greylist and auto-built whitelist
between your different MXes.
--
Jeremie Le Hen
Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.
