[IMGate] Re: greylisting
sav_white_candiates_ptr.sh #!/bin/sh DATENOW=`date +%y%m%d_%H%M` WORKPATH=/var/tmp WORKFILE=sav_white_can.rpt MAILTO=[EMAIL PROTECTED] echo $WORKPATH/$WORKFILE echo Sender Address Verification Database Report, `date` $WORKPATH/$WORKFILE echo $WORKPATH/$WORKFILE echo $WORKPATH/$WORKFILE echo $WORKPATH/i$WORKFILE egrep smtpd.*Sender address rejected: unverified address: connect /var/log/maillog | egrep -vi RCPT from unknown\[ |\ awk ' {printf %-35s\t%-25s\t%-20s\t%-20s\n,$10, $(NF-3), $(NF-2), $NF }' | sort -f | uniq -ci | sort -t[ -k2 \ $WORKPATH/$WORKFILE /usr/local/bin/zip $WORKPATH/sav_whitelist_candidates_$DATENOW.zip $WORKPATH/$WORKFILE for m in $MAILTO ; do /usr/local/bin/mpack -s `hostname` SAV non-verifiable whitelist candidates $WORKPATH/sav_whitelist_candidates_$DATENOW.zip $m done rm $WORKPATH/sav_whitelist_candidates_$DATENOW.zip exit
[IMGate] Re: greylisting
sorry, the was a report for SAV, not postgrey. Tom and I worked up a report for postgrey that he put on the postgrey site. greylisting is so harmless, it's almost not worth bothering with whitelisting, since legit servers whitelist themselves by re-trying once. Len
[IMGate] Re: Greylisting
I am finally doing the research to add greylisting (postgrey) to my IMGates and am wondering if it is still effective or have spammers found a way around this technique? still effective. what has happened is that a few more ISPs and networks operators have blocked egress to port 25, stopping a lot of the infected-subscriber-to-MX abuse, which is what postgrey is most effective against. but most of the planet does not block port 25. spam trojans are starting to send through the ISP relay (rather direct-to-MX), a real MTA (with retries), so greylisting doesn't stop that. Len
[IMGate] Re: Greylisting
Thanks, Christopher Checca Packard Transport, Inc. IT Department 24021 South Municipal Dr PO Box 380 Channahon, IL. 60410 815 467 9260 815 467 6939 Fax [EMAIL PROTECTED] www.packardtransport.com =20 -Original Message- From: [EMAIL PROTECTED] = [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad Sent: Thursday, March 03, 2005 12:42 PM To: IMGate@mgw2.MEIway.com Subject: [IMGate] Re: Greylisting Len, IYO is grey listing already starting to lose most of it's effectiveness? no, because a tiny %age of subscriber network operators block port 25. I'm comparing the mail server overhead delay in email delivery vs. not running grey listing. greylisting will reject a lot stuff earlier in the restrictions that=20 everything else, probably reject stuff you don't reject now, and since=20 rejects are cheap, you box could run better with greylisting, handling = less=20 messages.I don't have general rule but I've seen only 20% - 30% of=20 postgrey-rejected msgs be retried. eg, 130K greyslist rejects, and only 30K were re-tried. Len
[IMGate] Re: Greylisting
Len Conrad wrote: Len, IYO is grey listing already starting to lose most of it's effectiveness? no, because a tiny %age of subscriber network operators block port 25. greylisting will reject a lot stuff earlier in the restrictions that everything else, probably reject stuff you don't reject now, and since rejects are cheap, you box could run better with greylisting, handling less messages.I don't have general rule but I've seen only 20% - 30% of postgrey-rejected msgs be retried. eg, 130K greyslist rejects, and only 30K were re-tried. I was convinced so I'm in the process of adding it ( back? ) in to my IMGate systems. My question is to those that are _not_ greylisting everyone but only selected domains. What is your suggested list of domains to greylist? The examples I've found in the documentation at postfix.org give a semi-start list and the one at http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in seems a little excessive. What are others using? I didn't see any sender_access file in Len's stuff. TIA, Rod -- --- [This E-mail scanned for viruses by Declude Virus]
[IMGate] Re: Greylisting
I was convinced so I'm in the process of adding it ( back? ) in to my IMGate systems. My question is to those that are _not_ greylisting everyone but only selected domains. why would you not greylist all msgs? Len
[IMGate] Re: Greylisting
Len Conrad wrote: eg, 130K greyslist rejects, and only 30K were re-tried. I just started running greylisting this week and love it. My second box running SA and clamav is yawning. And yes Len you were correct, my dual box setup was SCREWY -- Andrew P. Kaplan www.cshore.com A fine is a tax for doing wrong. A tax is a fine for doing well. Anonymous -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.5 - Release Date: 3/1/2005