On Sun, Aug 07, 2011 at 04:46:48PM -0700, Steve Fatula wrote:
[ broken formatting fixed ]
> I see some previous posts regarding this - just my 2 cents worth. 
> There might be multiple triggers for the penalty time, but, one I'd 
> like to see would be just like postscreen_dnsbl_threshold, perhaps 
> postscreen_dnsbl_penalty_threshold. In this way, I might want a 
> score of 3 to trigger block, but, a score of 1 to trigger the 
> penalty time. Similar to what one can do with milter-greylist for 
> example.
> 
> Of course, one problem with using Postscreen in this manner is
> what some of the greylisting programs have added support for -
> mail servers who send the second attempt from a different nearby 
> IP. Most of them allow some sort of mask. One could whitelist
> them, and, get around this I suppose.
> 
> Am just hoping postscreen will support some form of greylisting
> so that a separate greylisting program is not needed for those 
> who wish to greylist. Postscreen would be the best (least
> expensive) place to do so imho.

I would suggest that you adjust your expectations. With postscreen 
you get the basic benefit that a greylisting implementation might 
provide, generally without as much of the pain.

I do not believe that an enforced penalty period would improve the 
spam-fighting results measurably. (FWIW that's just an opinion, no 
research behind it.) And if you keep adding complex features to it, 
postscreen will no longer be inexpensive.

When using the after-220 tests in postscreen, I highly recommend
using a second IP as lower priority MX as described in the README, 
"MX Policy Test". That way, a legitimate mailer can retry on the 
lower-priority MX immediately and be accepted, whereas ratware that 
hits the lower-priority MX first is not.

However, BTW a surprising number of legitimate sites, including 
Gmail, have not been trying the lower-priority MX at all. Gmail 
clients also tend to pass off to another host for second and 
subsequent attempts, always and only on the primary MX IP address.

The greatest value I am seeing in postscreen is the DNSBL scoring 
feature. We're able to use much more aggressive DNSBLs this way.
It's not unusual to see 3 of these in agreement on spammer hosts 
which are staying below Spamhaus/Barracuda radar.

(Note: I do not tell the client that I was using any of these more 
aggressive DNSBLs. I have a postscreen_dnsbl_reply_map returning 
"multiple DNS-based blocklists" for sites other than Spamhaus.)
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
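
The setup discussed in this message, sketched as a Postfix configuration. This is an added example, not the poster's actual configuration: the `.example` DNSBL domains, the weights, the threshold of 3 and the 192.0.2.x addresses are placeholder assumptions, and `postscreen_whitelist_interfaces` needs Postfix 2.9 or later (it is named `postscreen_allowlist_interfaces` from 3.6 on).

```conf
# ---- /etc/postfix/main.cf (fragment) ----

# Weighted DNSBL scoring: a well-established list blocks on its own,
# while each aggressive list contributes only 1 point, so three of them
# must agree before the client reaches the threshold.
# The *.dnsbl.example names are placeholders, not real lists.
postscreen_dnsbl_sites =
    zen.spamhaus.org*3
    b.barracudacentral.org*3
    aggressive-1.dnsbl.example*1
    aggressive-2.dnsbl.example*1
    aggressive-3.dnsbl.example*1
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce

# Replace the names of the aggressive lists in the SMTP rejection text.
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply

# After-220 tests. A client that passes them is still sent away with a
# 4xx reply once and must reconnect to deliver.
postscreen_pipelining_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_bare_newline_enable = yes

# MX Policy Test: 192.0.2.26 is the second IP, published as the
# lower-priority MX. Clients connecting there are never whitelisted on
# that address; clients that already passed the tests on the primary
# address can retry here immediately and are accepted.
inet_interfaces = 192.0.2.25, 192.0.2.26
postscreen_whitelist_interfaces = !192.0.2.26 static:all

# ---- /etc/postfix/dnsbl_reply (texthash: DNSBL domain, reply text) ----
aggressive-1.dnsbl.example  multiple DNS-based blocklists
aggressive-2.dnsbl.example  multiple DNS-based blocklists
aggressive-3.dnsbl.example  multiple DNS-based blocklists

# ---- DNS zone (placeholder names) ----
# example.com.      IN MX 10 mail.example.com.     ; 192.0.2.25
# example.com.      IN MX 20 mail-mx2.example.com. ; 192.0.2.26
```

Setting `postscreen_dnsbl_action = ignore` first and reading the logged DNSBL ranks shows which clients a given threshold would reject before anything is enforced.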
