Op Wed, 14 Dec 2016 18:07:15 +0100 schreef Craig Skinner
<skin...@britvault.co.uk>:
On Tue, 13 Dec 2016 18:29:00 +0000 (UTC) Mik J wrote:
I use spamlogd so that every outgoing mail adds the remote mx IP in
my whitelist.
As with many domains, large mail services deploy/out source separate
inbound & outbound clusters, so spamlogd'ing outbound mail wont help.
These spamlogd flags seem to work best here:
spamlogd_flags='-I -Y ... -Y ... -Y ....'
I'm not sure I understood what this patch does.
It's used to give some additional statistics?
spamd expires trapped IP addresses after 24 hours.
Boudewijn's patch keeps them trapped while they continue to spam.
His stats prove it works.
My stats just prove that senders exist who will happily continue delivery
attempts for weeks or months. ;)
To see that it works, you have to turn on verbose logging and realise that
spammers who get greytrapped sometimes also use valid envelope-to
addresses. My patch is intended to reduce the chances of those spammers
getting whitelisted. It can also be used as an ad-hoc blacklist for e.g.
senders of daily newsletters who refuse to unsubscribe you.
I read somewhere that gmail servers change their IPs when they retry
to send the mails.
This tool helps to auto white list silly round robin senders:
http://web.Britvault.Co.UK/products/ungrey-robins/
(SPF lists are often not trustworthy.)
Whitelisting an address simply because it appears on an SPF record of a
domain used for legitimate mail, is indeed a bad idea. SPF was never
meant for that.
SPF can be used for accept/reject decisions, but your policy of what to do
with a certain SPF result should be based on your level of trust in the
publishing domain.
--
Boudewijn Dijkstra
Indes-IDS B.V.
+31 345 545 535
