Dave Augustus wrote:
> Anyone point me in the right direction?
>
> I am just thinking of increasing the spam level counter based on whether
> they have a reverse IP address. I have tried to reject these outright
> based on this criteria but that would cause too many false positives.

Slightly OT, as I don't have a SA based solution off the top of my head:

I had the same problem. I wound up implementing milter-greylist in a way that greylists these hosts, but lets most systems past. I'm not sure if you're using sendmail or not, but I found this VERY helpful.

The selective greylisting is possible due to milter-greylist's use of ACLs, and a configurable default action. Most folks whitelist certain hosts, and use a default of greylist. I do the opposite. I greylist selected patterns, then whitelist the rest.

This simple bit of milter-greylist config will do it:

    # enable posix extended regex syntax instead of posix basic syntax
    extendedregex

    # greylist unresolvable hosts
    acl greylist domain /\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]/

    # set a default to whitelist anything not greylisted
    acl whitelist default

I also find it helpful to start off whitelisting all my servers and clients, then follow up with a greylist of anything with an envelope from of my domain. This knocks down a lot of viruses. Since milter-greylist applies its ACLs in order, you can do white-grey-default white.

If anyone wants to see my config I can post it up somewhere (with the whitelist bits censored out).
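
Added example, not part of the original post and not milter-greylist's own code: a small Python model of the white-grey-default-white ordering described above, for checking which connections such a rule set would greylist. The network, domain and sample connections are constructed, and it assumes sendmail reports a client without reverse DNS as a bracketed IP literal, which is the form the post's regex matches.

```python
import ipaddress
import re

# The post's pattern: a bracketed dotted quad in the client host name.
UNRESOLVED = re.compile(r"\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]")

# Constructed values (documentation ranges, example.com), not from the post.
MY_NETS = [ipaddress.ip_network("192.0.2.0/24")]
MY_DOMAIN = "example.com"

def is_local(conn):
    """True when the client address is one of our own servers or clients."""
    return any(ipaddress.ip_address(conn["addr"]) in net for net in MY_NETS)

def from_my_domain(conn):
    """True when the envelope sender claims to be in our own domain."""
    return conn["mail_from"].lower().endswith("@" + MY_DOMAIN)

def unresolved(conn):
    """True when the host name is only a bracketed IP (no reverse DNS)."""
    return UNRESOLVED.search(conn["host"]) is not None

# Rules are tried in order and the first match wins:
# white (own hosts), grey (selected patterns), default white.
ACL = [
    ("whitelist", is_local),
    ("greylist", from_my_domain),
    ("greylist", unresolved),
    ("whitelist", lambda conn: True),
]

def decide(conn):
    """Return the action of the first rule that matches the connection."""
    for action, matches in ACL:
        if matches(conn):
            return action

# Constructed sample connections.
SAMPLES = [
    {"addr": "192.0.2.10", "host": "mail.example.com", "mail_from": "alice@example.com"},
    {"addr": "198.51.100.7", "host": "mx.example.net", "mail_from": "bob@example.com"},
    {"addr": "203.0.113.9", "host": "[203.0.113.9]", "mail_from": "carol@example.org"},
    {"addr": "198.51.100.20", "host": "mail.example.org", "mail_from": "dave@example.org"},
]

if __name__ == "__main__":
    for conn in SAMPLES:
        print(conn["host"], conn["mail_from"], "->", decide(conn))
```

Moving the own-hosts whitelist below the envelope-from rule would greylist the first sample too, which is why the whitelist has to come first.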