Stefan G. Weichinger put forth on 12/8/2010 5:53 PM:
> On 08.12.2010 07:52, Stan Hoeppner wrote:
>> I just added installation/usage instructions to the top of the file
>> yesterday. As mouss stated, you'll see an entry in your mail log file
>> with detailed optional text, usually identifying the ISP by name.
>> Pflogsumm or logwatch can help you easily see what's going on with
>> Postfix by creating log summaries and statistics.
>
> Thanks, Stan, I just found this thread and started to test-drive this
> pcre-list.
>
> I am not sure which thread you refer to and if my questions would be
> answered there, so pls forgive if I should RTFM somewhere:
>
> * is it really making greylisting useless? I use postgrey successfully
> (and without too much load), but if I could get rid of it, it would also
> remove those "where is my mail?"-issues due to the initial delay of
> greylisting.

The original design usage of greylisting was to stop spam bots as they don't retry as an RFC compliant MTA does. If that is your main goal for your greylisting daemon, then this set of pcres, along with spamhaus pbl and cbl checks (use zen) is pretty much equivalent in bot rejection performance to greylisting. (Run this before the zen query as local table lookups are faster) But with this solution you don't have the dreaded retry wait period, nor a triplet database to maintain, nor an extra daemon running.

However, there is the possibility of "false positives" regarding rejected legit mail. Some ISPs lump SOHO accounts and consumer accounts into the same rDNS pattern, and there's always the chance someone is hosting a legit MTA on a consumer line (I've done so in the past). Some ISPs don't allow custom rDNS. Whitelist such an IP in these cases with a check_client_access type:table before running this pcre check.

> * is your list rather static or dynamic? is a frequent "wget" or so
> necessary/recommended?

Entirely static at this point. However, this list isn't complete by any means, and is missing many rdns patterns for ISPs around the world. There have got to be more than 1600 broadband ISPs. This leaves room for improvement.

Someone expressed some interest to me WRT starting a community project based on this list, with OPs around the world adding their own expressions to the list to expand it over time and make it more effective as a more general spam fighting tool. The current set of 1600 expressions is a good starting point. AFAIK that effort hasn't begun.

I have no interest in leading nor hosting a "big project" based on this, but I'd gladly accept any *thoroughly tested* regexes and add them to the "master" list I currently host at http://www.hardwarefreak.com/fqrdns.pcre

I'd be glad to start new sections of the file for spam source types other than consumer rdns patterns. Patterns of snowshoe farms would be good.

> * how do/did you generate it?

As I've stated in the past in many fora, including this list, I didn't create that set of regexes. It was donated anonymously, originally as a regexp file, to the spam-l (now defunct) mailing list by a member, who I believe likely works for a good sized US ISP. I believe he, or his team, created the list over a lengthy period of time by analyzing spam logs.

I corrected a couple of syntax errors to make it run as a pcre in Postfix. I've added exactly one expression to the bottom of the list, which actually blocks a snowshoe spammer, not rdns bots. Other than doing an amateur job of promoting its use, that is my single contribution to this pcre list to this point.

> Thanks a lot for sharing, Stefan

You're very welcome. It works very well for me and those I've shared it with so far. I was told to feel free to share it, so that's what I do.

--
Stan
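
Added example, not part of the message above and not taken from the fqrdns.pcre file: a Postfix configuration fragment that puts the three checks in the order the reply describes (whitelist lookup, then the local pcre table, then the zen query). The file paths, the whitelisted IP, the hostnames and the sample pattern are assumptions constructed for illustration.

```conf
# ---- /etc/postfix/main.cf (fragment; file paths are assumptions) ----
# Order matters:
#   reject_unauth_destination stays ahead of any table that can return
#     OK, so a whitelist hit can never turn into permission to relay.
#   check_client_access runs first among the spam checks: an OK result
#     ends evaluation of this list, so the whitelisted client skips
#     both the pcre table and the zen query.
#   check_reverse_client_hostname_access matches the client's rDNS
#     name against the local pcre table.
#   reject_rbl_client goes last because local table lookups are faster
#     than a DNSBL query.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_whitelist,
    check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
    reject_rbl_client zen.spamhaus.org

# ---- /etc/postfix/client_whitelist ----
# Legit MTA hosted behind consumer-style rDNS (constructed address).
# Rebuild the lookup table after editing:
#   postmap hash:/etc/postfix/client_whitelist
192.0.2.25    OK

# ---- shape of one pcre table entry ----
# Constructed pattern for illustration, NOT a line from fqrdns.pcre.
/^dsl-\d+-\d+-\d+-\d+\.isp\.example$/  REJECT Generic consumer rDNS, please relay through your ISP

# ---- testing a pattern before it goes live ----
# postmap -q prints the action for a matching key and nothing otherwise:
#   postmap -q "dsl-192-0-2-7.isp.example" pcre:/etc/postfix/fqrdns.pcre
#   postmap -q "mail.example.org"          pcre:/etc/postfix/fqrdns.pcre
```

Running the two `postmap -q` queries against a candidate expression, one hostname that should match and one legitimate MTA name that should not, is a quick way to check a regex before adding it to the table.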