Good tips. I'm running postfix/postgrey.
The combination of rolling source IPs and long periods between retries
seems to be the killer here. I also have quite a bit (but not all) of
the email that passes through this server channeled via an antispam
cloud service; this has probably shielded me from the collateral damage
of my greylisting for a while.
Will look into what options exist for postgrey that'll do similar to
what you're describing as a start, certainly subnetmatching to /24 or
/64 and whitelisting for spf passes seem to be quite logical.
Thanks,
Mark.
On 24/10/2017 10:20 p.m., Benoit Panizzon wrote:
Hi Mark
Outlook is not the only one that re-sends an email from a different IP
with each attempt.
What tool do you use for greylisting?
I can recommend milter-greylist which has ways to react to such
situations:
subnetmatch /24
subnetmatch6 /64
will consider IP addresses within a /24 IPv4 and /64 IPv6 network to be
the same.
racl whitelist spf pass
Will not greylist senders which pass SPF checks, which is
reasonable as you want to block out all those botnet drones which
hopefully do not retry to send an email after the first attempt.
Real mailservers would retry and therefore it is helpful to avoid
greylisting them anyway.
And another feature:
dnsrbl "DNSWL" list.dnswl.org 127.0.0.0/16
racl whitelist dnsrbl "DNSWL"
Will also whitelist ranges from dnswl.org
-Benoît Panizzon-
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
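
The effect discussed in this thread, as an added example that is not part of either message and is not code from postgrey or milter-greylist: a minimal greylist keyed on (client network, sender, recipient), replayed over constructed retries that come from a different address in the same /24 each time. The class and function names, the 300-second delay and the addresses (documentation ranges) are assumptions; the SPF result is taken as an input computed elsewhere.

```python
import ipaddress

def net_key(ip, v4_prefix=24, v6_prefix=64):
    """Collapse a client address to its covering network (cf. subnetmatch /24, subnetmatch6 /64)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

class Greylist:
    """Hypothetical in-memory greylist; defaults match on the exact client address."""

    def __init__(self, delay=300, v4_prefix=32, v6_prefix=128):
        self.delay = delay              # seconds a new triplet must wait (assumed value)
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.first_seen = {}            # triplet -> time of first attempt

    def check(self, ip, sender, rcpt, now, spf_pass=False):
        # Senders that pass SPF skip greylisting (cf. "racl whitelist spf pass").
        if spf_pass:
            return "accept"
        key = (net_key(ip, self.v4_prefix, self.v6_prefix),
               sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        # Accept only once the same triplet has come back after the delay.
        return "accept" if now - first >= self.delay else "tempfail"

# Constructed sample: one message retried every 15 minutes, each time from
# a different address of the same outbound pool (192.0.2.0/24).
ATTEMPTS = [("192.0.2.10", 0), ("192.0.2.77", 900), ("192.0.2.143", 1800)]

def replay(greylist, attempts, sender="alice@example.org", rcpt="mark@example.net"):
    """Run the attempts through a greylist and return the verdict for each one."""
    return [greylist.check(ip, sender, rcpt, t) for ip, t in attempts]

if __name__ == "__main__":
    print("exact match:", replay(Greylist(), ATTEMPTS))
    print("/24 and /64:", replay(Greylist(v4_prefix=24, v6_prefix=64), ATTEMPTS))
```

With exact-address matching every retry looks like a first attempt and is deferred again; with network matching the second attempt is already accepted.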