I wrote a tarpitting policy server.
It is a patch for the postgrey greylisting policy server.
It needs Postfix-2.3.x or later (it uses the SLEEP action).

  taRgrey - S25R + tarpitting + greylisting
  http://k2net.hakuba.jp/targrey/index.en.html
  http://k2net.hakuba.jp/pub/targrey-0.30-postgrey-1.27.patch


taRgrey is a patch that makes postgrey into a tarpitting policy server.
Tarpitting means delaying the response in order to block spam.
taRgrey is designed to decrease false positives.

I had used greylisting combined with the S25R anti-spam system on my
mail server. I named this system Rgrey. S25R defines reverse FQDN
patterns for presuming that a client has a dynamic IP address.
  The Selective SMTP Rejection (S25R) System
  http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html
Rgrey greylists clients only when their reverse FQDN matches the S25R rules.
  Rgrey - S25R + greylisting
  http://k2net.hakuba.jp/rgrey/ (This page is written in Japanese only.)
Therefore almost all legitimate mail servers are not greylisted, so
false positives become fewer. Rgrey on my mail server could block 94% of
spam.

After that, I had used tarpitting combined with S25R. I named this
system Starpit.
  Starpit - S25R+tarpitting
  http://d.hatena.ne.jp/stealthinu/20060706/p5 (This page is written in Japanese only.)
Tarpitting doesn't cause a long delay as in greylisting.
It can accept mail servers even though they don't retry or retry with a
different IP address each time. Starpit on my mail server could block
93% of spam when the delay time was set to 65 seconds.

However, Starpit still caused false positives. Most of them occurred
with email magazines and email news. taRgrey solves this problem.
It accepts mail by greylisting when it is resent after being blocked by
tarpitting.

We set parameters for taRgrey so that anti-greylisting spam cannot pass
through. We can safely configure greylisting tightly because there is little
legitimate mail blocked by Starpit.

Moreover, this patch enables us to specify the number of retries
required for greylisting. Most anti-greylisting spam retries just once.

Additional functions with this patch are as follows:
* tarpitting: --tarpit=35 (35 second tarpitting and greylisting)
* taRgrey mode: --tarpit=65 --targrey (greylists if blocked by 65 sec tarpitting)
* greylisting retry threshold: --retry-count=2 (permits after 2 retries)
* auto-whitelist count delay: --auto-whitelist-delay=3600 (counts up once an hour)
* outputs client's IP addresses to the auto-whitelist log.

  Sample of configuration file
  http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz

Anybody using this?

Is it an improvement vs postgrey alone? Which improvements?

thanks
Len
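
Added example, not part of either message and not code from the taRgrey patch: a toy Python model of the flow the announcement describes (S25R match, then tarpit, then greylisting for clients that gave up during the tarpit, with a retry threshold). The rDNS pattern is a constructed stand-in for the S25R rules, and `grey_delay`, the `waits` input and all sample traffic are assumptions of this model.

```python
import re

# Constructed stand-in for the S25R reverse-FQDN rules (not the real rule set):
# no reverse name, or a leftmost label containing two separate digit groups.
DYNAMIC_RDNS = re.compile(r"^(unknown$|[^.]*\d+[^.\d]+\d+)", re.I)

class TargreyModel:
    """Toy model: S25R match -> tarpit -> greylist for clients that gave up."""

    def __init__(self, tarpit=65, retry_count=2, grey_delay=300):
        self.tarpit = tarpit            # delay in seconds, as in --tarpit=65
        self.retry_count = retry_count  # retries required, as in --retry-count=2
        self.grey_delay = grey_delay    # assumed minimum age of the first attempt
        self.seen = {}                  # triplet -> (first_seen, retries so far)

    def attempt(self, now, ip, rdns, sender, rcpt, waits):
        """waits = seconds the client holds the connection before giving up."""
        if not DYNAMIC_RDNS.search(rdns):
            return "accept"             # not S25R-like: no tarpit, no greylist
        key = (ip, sender.lower(), rcpt.lower())
        first, retries = self.seen.get(key, (now, -1))
        retries += 1                    # 0 on the first attempt
        self.seen[key] = (first, retries)
        if retries >= self.retry_count and now - first >= self.grey_delay:
            return "accept-greylist"    # resent often enough after being tarpitted
        if waits >= self.tarpit:
            return "accept-tarpit"      # client sat through the delay
        return "defer"                  # client dropped during the tarpit

def demo():
    """Constructed traffic: (label, attempt times, client details, patience)."""
    m = TargreyModel()
    cases = [
        ("static MTA", (0,), ("192.0.2.10", "mail.example.org", "a@example.org"), 0),
        ("newsletter", (0, 600, 1200), ("203.0.113.7", "host-203-0-113-7.example.net", "news@example.net"), 30),
        ("retry-once bot", (0, 60), ("198.51.100.9", "unknown", "x@example.invalid"), 5),
        ("patient client", (0,), ("203.0.113.8", "host-203-0-113-8.example.net", "b@example.net"), 120),
    ]
    return {label: [m.attempt(t, ip, rdns, frm, "u@example.com", waits) for t in times]
            for label, times, (ip, rdns, frm), waits in cases}

if __name__ == "__main__":
    for label, decisions in demo().items():
        print(f"{label:15} {decisions}")
```

In this model the impatient newsletter sender gets through on its second retry, while the client that retries only once is never accepted.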


