Re: [courier-users] Greylisting HowTo please....

Wed, 21 Dec 2005 14:30:06 -0800 

On Wed, Dec 21, 2005 at 10:49:16PM +0100, Peter Holm wrote:

> how to implement greylisting with courier

I just recently completed setting up pf + spamd.  You can use OpenBSD or 
FreeBSD.  I like this approach because it puts the logic in the 
firewall and not in the MTA, and the two are cleanly seperated.

The manual pages are really very good. Here are a few issues I ran into:

- unless you want to setup a private subnet, the courier esmtpd must be 
  on the same box as pf + spamd.  My first attempt had courier running 
  in a jail on the same box (which worked).  Then I tried moving the 
  jail to another box (which didn't work).  If you need to split courier 
  off to a seperate box, you must setup a private subnet.

- I use the Composite Blocking List from cbl.abuseat.org.  It takes 
  around 8 minutes to load these 1.7 million+ IP's into spamd's 
  blacklist table, and the CPU get's pegged.  I currently update spamd's 
  blacklist twice a day with nice -n 20, but probably will make it more 
  frequent.

- I haven't measured it yet, but it appears the effectiveness of 
  tarpitting is less satisfying than I had hoped for.  The spammers have 
  learned to disconnect from a tar pit pretty quickly.  The spamd author 
  is working on stuttering to try to trick spammers into staying 
  connected longer, but it's not in FreeBSD yet.

- some stats:

    [EMAIL PROTECTED] spamdb | grep -c ^WHITE
    18538
    [EMAIL PROTECTED] spamdb | grep -c ^GREY
    2248
    [EMAIL PROTECTED] grep -c "^Dec 21.*: disconnected after" /var/log/spamd.log
    153958
    [EMAIL PROTECTED] grep -c "^Dec 21.*: disconnected after 0 seconds" 
/var/log/spamd.log
    102217
    [EMAIL PROTECTED]
m



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to