[IMGate] Re: greylisting

2005-03-06 Thread Len Conrad 
sav_white_candiates_ptr.sh


#!/bin/sh

DATENOW=`date +%y%m%d_%H%M`
WORKPATH=/var/tmp
WORKFILE=sav_white_can.rpt
MAILTO=[EMAIL PROTECTED]

echo   $WORKPATH/$WORKFILE
echo Sender Address Verification Database Report, `date`  
$WORKPATH/$WORKFILE
echo   $WORKPATH/$WORKFILE
echo   $WORKPATH/$WORKFILE
echo   $WORKPATH/i$WORKFILE

egrep smtpd.*Sender address rejected: unverified address: connect 
/var/log/maillog | egrep -vi RCPT from unknown\[ |\
  awk ' {printf %-35s\t%-25s\t%-20s\t%-20s\n,$10, $(NF-3), $(NF-2), $NF 
}' | sort -f | uniq -ci | sort -t[ -k2 \
$WORKPATH/$WORKFILE

/usr/local/bin/zip  $WORKPATH/sav_whitelist_candidates_$DATENOW.zip 
$WORKPATH/$WORKFILE

for m in $MAILTO ; do

/usr/local/bin/mpack -s `hostname` SAV non-verifiable whitelist 
candidates  $WORKPATH/sav_whitelist_candidates_$DATENOW.zip $m
done

rm $WORKPATH/sav_whitelist_candidates_$DATENOW.zip

exit

[IMGate] Re: greylisting

2005-03-06 Thread Len Conrad 
sorry, the was a report for SAV, not postgrey.

Tom and I worked up a report for postgrey that he put on the postgrey site.

greylisting is so harmless, it's almost not worth bothering with 
whitelisting, since legit servers whitelist themselves by re-trying once.

Len

[IMGate] Re: Greylisting

2005-03-03 Thread Len Conrad 

I am finally doing the research to add greylisting (postgrey) to my IMGates
and am wondering if it is still effective or have spammers found a way
around this technique?

still effective.

what has happened is that a few more ISPs and networks operators have 
blocked egress to port 25, stopping a lot of the infected-subscriber-to-MX 
abuse, which is what postgrey is most effective against.

but most of the planet does not block port 25.

spam trojans are starting to send through the ISP relay (rather 
direct-to-MX), a real MTA (with retries), so greylisting doesn't stop that.

Len

[IMGate] Re: Greylisting

2005-03-03 Thread Christopher Checca 
Thanks,

Christopher Checca
Packard Transport, Inc.
IT Department
24021 South Municipal Dr
PO Box 380
Channahon, IL.  60410
815 467 9260
815 467 6939 Fax
[EMAIL PROTECTED]
www.packardtransport.com
=20

-Original Message-
From: [EMAIL PROTECTED] =
[mailto:[EMAIL PROTECTED]
On Behalf Of Len Conrad
Sent: Thursday, March 03, 2005 12:42 PM
To: IMGate@mgw2.MEIway.com
Subject: [IMGate] Re: Greylisting


Len, IYO is grey listing already starting to lose most of it's
effectiveness?

no, because a tiny %age of subscriber network operators block port 25.

I'm comparing the mail server overhead  delay in email
delivery   vs.   not running grey listing.

greylisting will reject a lot stuff earlier in the restrictions that=20
everything else, probably reject stuff you don't reject now, and since=20
rejects are cheap, you box could run better with greylisting, handling =
less=20
messages.I don't have general rule but I've seen  only 20% - 30% of=20
postgrey-rejected msgs be retried.

eg, 130K greyslist rejects, and only 30K  were re-tried.

Len

[IMGate] Re: Greylisting

2005-03-03 Thread Roderick A. Anderson 
Len Conrad wrote:
Len, IYO is grey listing already starting to lose most of it's
effectiveness?
 
 no, because a tiny %age of subscriber network operators block port 25.
 
 greylisting will reject a lot stuff earlier in the restrictions that 
 everything else, probably reject stuff you don't reject now, and since 
 rejects are cheap, you box could run better with greylisting, handling less 
 messages.I don't have general rule but I've seen  only 20% - 30% of 
 postgrey-rejected msgs be retried.
 
 eg, 130K greyslist rejects, and only 30K  were re-tried.

I was convinced so I'm in the process of adding it ( back? ) in to my 
IMGate systems.  My question is to those that are _not_ greylisting 
everyone but only selected domains.  What is your suggested list of 
domains to greylist?  The examples I've found in the documentation
at postfix.org give a semi-start list and the one at

http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in

seems a little excessive.  What are others using?  I didn't see any 
sender_access file in Len's stuff.


TIA,
Rod
-- 
---
[This E-mail scanned for viruses by Declude Virus]

[IMGate] Re: Greylisting

2005-03-03 Thread Len Conrad 

I was convinced so I'm in the process of adding it ( back? ) in to my
IMGate systems.  My question is to those that are _not_ greylisting
everyone but only selected domains.

why would you not greylist all msgs?

Len

[IMGate] Re: Greylisting

2005-03-03 Thread Andrew P. Kaplan 
Len Conrad wrote:

 eg, 130K greyslist rejects, and only 30K  were re-tried.
 

I just started running greylisting this week and love it. My second box 
running SA and clamav is yawning. And yes Len you were correct, my dual 
box setup was SCREWY

-- 
Andrew P. Kaplan
www.cshore.com


A fine is a tax for doing wrong. A tax is a fine for doing well.

Anonymous


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.5.5 - Release Date: 3/1/2005