On 30.07.2016 at 13:10, Kim Roar Foldøy Hauge wrote:
> On Sat, 30 Jul 2016, Robert Schetterer wrote:
>> On 30.07.2016 at 03:34, Reindl Harald wrote:
>>> On 29.07.2016 at 22:48, Dianne Skoll wrote:
>>>> On Fri, 29 Jul 2016 22:39:15 +0200 Robert Schetterer <r...@sys4.de> wrote:
>>>>>> I don't use postfix or postscreen.
>>>>> hm.. that does not fit the subject.. why did you involve yourself?
>>>> I am sorry. I should have changed the thread subject.
>>>>> you may get that quite better, I see a lot of server greylisting useless,
>>>>> only filling up others' queues waiting for a second slot, so it may only be
>>>>> cheap for you but not for your partners. Don't slow down communication if
>>>>> you don't need to.
>>>> So what I didn't mention is that in our implementation, once an IP address
>>>> successfully passes greylisting, we no longer greylist it for the next 45
>>>> days. (It would probably be pointless... if an IP passes greylisting once,
>>>> it probably will keep passing it.)
>>> that's nothing special and postgrey does the same, the whole point of
>>> greylisting is that badly written bots don't try again (the same happens if
>>> they connect to a backup-MX responding with 4xx)
>>>
>>> also it doesn't help for clients which *do not* pass, like large senders
>>> with outbound clusters coming each time from a different IP, hence you skip
>>> greylisting based on DNSWL and spf-policyd because those big legit senders
>>> hit DNSWL or have a proper SPF while random bots of infected machines
>>> don't, and those are your target for greylisting
>> Harald is right, the goal has to be "reject" spam asap, not to tell "come
>> again later", i.e. I had 4 bot connections per second, this will rapidly run
>> the system out of smtp slots which means any good sender isn't able to send
>> mail either, greylisting makes such situations even worse.
> I'm no expert here, but postgrey is usually a purely local test. It should
> terminate with a "currently busy, try again later" message very quickly
yes, but when the total amount reaches your maximum of smtpd processes
because of 4 bots per second there are no longer slots for legit clients,
and if you then greylist a large amount of legit clients which are all
coming back (in case of high legit traffic) things get much worse

in times of postscreen (and "Using Postfix and Postgrey" with current
software implies that it is available) all that is not much of a problem
because most crap doesn't make it to smtpd

well, and finally limit the impact by just using iptables on the server:

ctstate NEW recent: UPDATE seconds: 2 hit_count: 5 name: DEFAULT side: source mask: 255.255.255.255
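The iptables rule shown above, modelled in Python as an added example (not code from the thread): it simulates the recent module's --update --seconds 2 --hitcount 5 match on new SMTP connections, assuming the usual two-rule layout (update/DROP followed by set/ACCEPT) and the kernel default of 20 stored timestamps per source.

```python
"""Added example: a model of the iptables 'recent' match from the post
(recent: UPDATE seconds: 2 hit_count: 5 name: DEFAULT side: source).
Assumes the common two-rule layout: --update/DROP first, then --set/ACCEPT."""
from collections import defaultdict, deque

IP_PKT_LIST_TOT = 20  # xt_recent default: timestamps kept per source address


def iptables_rules(seconds=2, hitcount=5, name="DEFAULT", port=25):
    """The rules this model corresponds to; 'iptables -L' renders the first
    as 'recent: UPDATE seconds: 2 hit_count: 5 name: DEFAULT side: source'."""
    common = f"-A INPUT -p tcp --dport {port} -m conntrack --ctstate NEW -m recent"
    return [
        f"{common} --update --seconds {seconds} --hitcount {hitcount} "
        f"--name {name} --rsource -j DROP",
        f"{common} --set --name {name} --rsource -j ACCEPT",
    ]


class RecentTable:
    """One 'recent' list (e.g. DEFAULT), keyed by source address."""

    def __init__(self, seconds, hitcount):
        self.seconds, self.hitcount = seconds, hitcount
        self.seen = defaultdict(lambda: deque(maxlen=IP_PKT_LIST_TOT))

    def set(self, src, now):
        # --set: add src if missing and record this hit
        self.seen[src].append(now)

    def update_matches(self, src, now):
        # --update --seconds S --hitcount N: match when src is listed with
        # >= N stamps inside the last S seconds; on a match the kernel also
        # appends the current stamp, so a hammering source stays matched
        if src not in self.seen:
            return False
        stamps = self.seen[src]
        hits = sum(1 for t in stamps if now - t <= self.seconds)
        if hits >= self.hitcount:
            stamps.append(now)
            return True
        return False


def smtp_new_connection(table, src, now):
    """Walk the two-rule chain for one new SMTP connection from src."""
    if table.update_matches(src, now):
        return "DROP"
    table.set(src, now)  # first or still-under-limit connection
    return "ACCEPT"
```

With four connections a second from one source (constructed timings) the sixth new connection is dropped and the source stays dropped while it keeps hammering, whereas a client connecting every few seconds is never touched.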