On 09/29/17 15:06, Markus Rosjat wrote:
> my boss is getting on my nerves that greylisting is basically out of
> date because of things like outlook.com and mails ending up delayed for
> ever. So the next logical step would be to deploy a tool like rspamd or
> SpamAssassin to examine mail content. These tools need to be trained and
> if you have a small mailserver with less accounts this could take a
> while I imagine.

It won't surprise anyone here that I disagree with the assertion that
greylisting is in any way outdated. Come back with that assertion when
the SMTP RFC is amended to drop the retry requirement.

But there are actors in the email market that do not particularly care
about standards compliance one way or the other, unfortunately (at least
for those of us below critical mass in terms of volume) is to use the
nospamd feature and not exposing those sending domains to greylisting at
all.

My sedimentary nospamd file, built on discovering SPF info for badly
behaved domains, is available here https://home.nuug.no/~peter/nospamd -
I only started commenting entries after a while, but it's a Works for
me(tm) file. See man spamd for examples of how to include that in your
config.

If you want to build and maintain your own nospamd based on SPF records,
Aaron Poffenberger's spf_fetch is very well worth looking into (see
https://github.com/akpoff/spf_fetch)

> So my question is, is there some source that you could use to train
> these kind of tools (like a database that you could connect to for
> training content ) or is everyone here, that uses these tools, lucky
> enough to have a shit load of users that do the training for your systems?

Yes, you need content filtering too. As others have said, you won't be
able to totally avoid the training effort based on local preferences,
but with working greylisting in front of the content filtering, those
servers will run a lot cooler than without.

I suppose my long rant from a few years back is still relevant -
https://bsdly.blogspot.no/2014/02/effective-spam-and-malware.html, for
the fun parts of doing greytrapping see
https://bsdly.blogspot.no/2013/05/keep-smiling-waste-spammers-time.html
and https://bsdly.blogspot.no/2013/04/maintaining-publicly-available.html
and of course
https://bsdly.blogspot.no/2012/05/in-name-of-sane-email-setting-up-spamd.html
might still be of some use.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
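
The message above suggests building a nospamd list from the SPF records of badly behaved sending domains. The following is an added example, not part of the original message and not spf_fetch's code, showing how SPF include/redirect chains expand into an address list; the domain names and TXT records are constructed, and DNS is replaced by an in-memory table so it runs offline.

```python
import ipaddress

# Constructed SPF TXT records standing in for DNS answers (documentation
# domains and address ranges only), so the example runs offline.
SAMPLE_TXT = {
    "bigmail.example": "v=spf1 include:_spf-a.bigmail.example include:_spf-b.bigmail.example ~all",
    "_spf-a.bigmail.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 ~all",
    "_spf-b.bigmail.example": "v=spf1 ip6:2001:db8:40::/48 include:_spf-a.bigmail.example redirect=_spf-c.bigmail.example",
    "_spf-c.bigmail.example": "v=spf1 ip4:203.0.113.0/25 a mx -all",
}

MAX_RECORDS = 10  # safety cap on records fetched, modelled on RFC 7208's lookup limit of 10


def spf_networks(domain, lookup=SAMPLE_TXT.get):
    """Return the sorted ip4/ip6 networks reachable from a domain's SPF record."""
    nets, seen = set(), set()

    def walk(name):
        name = name.lower().rstrip(".")
        if name in seen:              # include loop or repeated include
            return
        seen.add(name)
        if len(seen) > MAX_RECORDS:
            raise RuntimeError("SPF record limit exceeded at " + name)
        terms = (lookup(name) or "").split()
        if not terms or terms[0].lower() != "v=spf1":
            return                    # no usable SPF record
        for term in terms[1:]:
            term = term.lstrip("+")   # "-", "~" and "?" qualified terms are never whitelisted
            key, _, value = term.partition(":")
            if key.lower() in ("ip4", "ip6") and value:
                nets.add(ipaddress.ip_network(value, strict=False))
            elif key.lower() == "include" and value:
                walk(value)
            elif term.lower().startswith("redirect="):
                walk(term.split("=", 1)[1])
            # a, mx, ptr, exists and macros need live DNS and are skipped here

    walk(domain)
    return sorted(nets, key=lambda n: (n.version, n))


def nospamd_lines(domain):
    """Format the networks as lines for an address list file, one entry per line."""
    return ["# " + domain] + [str(n) for n in spf_networks(domain)]
```

The returned lines are the kind of address list a nospamd file holds; how to load that file is covered by the spamd man page the message points to.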