Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread Olivier Nicole
Ed, I'm looking to set up a spam filtering server to replace our ISP's spam filtering service. I've seen this tutorial ( ftp://orn.mpg.de/pub/unix/mail/Fairly-Secure_Anti-SPAM_Gateway_Using_SpamAssassin.html#antivirus ) and I'd be very interested in YOUR opinion; do you think,

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread Ed Flecko
Gentlemen, Thank you for your feedback! I'll be sure to check into Postgrey. Are there any special considerations to installing/configuring it or is it simply a matter of installing, reading the docs and configuring? Ed

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread Robert Schetterer
On 29.11.2012 17:04, Ed Flecko wrote: Gentlemen, Thank you for your feedback! I'll be sure to check into Postgrey. Are there any special considerations to installing/configuring it or is it simply a matter of installing, reading the docs and configuring? Ed yes don't do greylist

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread John Hardin
On Thu, 29 Nov 2012, Ed Flecko wrote: I'll be sure to check into Postgrey. Are there any special considerations to installing/configuring it or is it simply a matter of installing, reading the docs and configuring? The biggest consideration is not technical, it's managing the expectations

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread Ed Flecko
Good thoughts...thank you John. Ed

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread Frederic De Mees
From: John Hardin jhar...@impsec.org Some users are extremely allergic to any delays in their email; you may have to maintain a list of exception destination addresses to keep them happy, or for addresses where no delay is acceptable, e.g. support@... or sales@... I fully agree. When I

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread vectro
From: John Hardin jhar...@impsec.org I fully agree. When I purchase an air-line ticket, I want the mail immediately in my inbox. If the greylisting software replies a 4xx Please come back in 299 seconds, the truth is that you will have to wait an undetermined amount of time, depending on

Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread David F. Skoll
On Thu, 29 Nov 2012 14:36:45 -0500 vec...@vectro.org wrote: I've never had any complaints about delivery speed, but some senders have broken mail servers that don't retry on receiving a temporary failure. Many such servers use broken SMTP implementations that can't handle a 4xx code in

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread Ned Slider
I'll expand a little on John's comments below On 29/11/12 18:44, John Hardin wrote: On Thu, 29 Nov 2012, Ed Flecko wrote: I'll be sure to check into Postgrey. Are there any special considerations to installing/configuring it or is it simply a matter of installing, reading the docs and

Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?

2012-11-29 Thread Dave Warren
On 11/29/2012 12:01, Ned Slider wrote: Indeed. But do also play around with the delays in postgrey (--delay). A minimal delay of 60 seconds is enough to force a retry and is adequate - legit hosts will retry, non-legit hosts won't so a longer delay is generally unnecessary. This is only one

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Andrzej A. Filip
On 11/29/2012 08:46 PM, David F. Skoll wrote: [...] Also, once a given IP passes greylisting, we remember that and we don't greylist that server for 40 days. If you have a large-enough user population, this can greatly mitigate the problems caused by initial greylisting delays. Do you treat

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Dave Warren
On 11/29/2012 12:27, Andrzej A. Filip wrote: On 11/29/2012 08:46 PM, David F. Skoll wrote: [...] Also, once a given IP passes greylisting, we remember that and we don't greylist that server for 40 days. If you have a large-enough user population, this can greatly mitigate the problems caused

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Robert Schetterer
On 29.11.2012 20:46, David F. Skoll wrote: On Thu, 29 Nov 2012 14:36:45 -0500 vec...@vectro.org wrote: I've never had any complaints about delivery speed, but some senders have broken mail servers that don't retry on receiving a temporary failure. Many such servers use broken SMTP

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Andrzej A. Filip
On 11/29/2012 09:31 PM, Dave Warren wrote: On 11/29/2012 12:27, Andrzej A. Filip wrote: On 11/29/2012 08:46 PM, David F. Skoll wrote: [...] Also, once a given IP passes greylisting, we remember that and we don't greylist that server for 40 days. If you have a large-enough user population,

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread David F. Skoll
On Thu, 29 Nov 2012 21:27:19 +0100 Andrzej A. Filip andrzej.fi...@gmail.com wrote: Do you treat yahoo like spam sources in the same way? With respect to greylisting, of course. If a machine passes greylisting once, it's extremely likely to pass it in future and it's an utter waste of time to

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Andrzej A. Filip
On 11/29/2012 09:53 PM, David F. Skoll wrote: On Thu, 29 Nov 2012 21:27:19 +0100 Andrzej A. Filip andrzej.fi...@gmail.com wrote: Do you treat yahoo like spam sources in the same way? With respect to greylisting, of course. If a machine passes greylisting once, it's extremely likely to pass

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread David F. Skoll
On Thu, 29 Nov 2012 21:59:45 +0100 Andrzej A. Filip andrzej.fi...@gmail.com wrote: Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in case of yahoo like spam sources? [ based on your experience ] I suppose it might, but I don't use razor, pyzor, dcc or anything similar

FROM_MISSP_* causing FPs

2012-11-29 Thread Kris Deugau
I've just had another couple of reports of false positives due to hits on one or more of the FROM_MISSP_* rules. Curious coincidence: Almost all of the reports to date have involved webform email for real estate companies. Most of the rest have involved scan-to-email multifunction devices -

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Matt
I've never had any complaints about delivery speed, but some senders have broken mail servers that don't retry on receiving a temporary failure. Many such servers use broken SMTP implementations that can't handle a 4xx code in response to RCPT properly. We greylist after the end of DATA.

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Axb
Just wondering how many boxes: rcpt domains: rcpt users: you guys are sending through greylisting. Axb

Trouble with bayes poisoning spam

2012-11-29 Thread Alex
Hi, I have an example of spam that I just can't reliably detect: http://pastebin.com/YuuLuA1x It's basically some HTML with a URL to an ad for Lantern with 9 LED bulbs. I've trained hundreds of these, and they still report BAYES_50. I've just tested it now, a few hours after having first

Re: FROM_MISSP_* causing FPs

2012-11-29 Thread John Hardin
On Thu, 29 Nov 2012, Kris Deugau wrote: I've just had another couple of reports of false positives due to hits on one or more of the FROM_MISSP_* rules. Curious coincidence: Almost all of the reports to date have involved webform email for real estate companies. Most of the rest have

Re: Trouble with bayes poisoning spam

2012-11-29 Thread John Hardin
On Thu, 29 Nov 2012, Alex wrote: I have an example of spam that I just can't reliably detect: http://pastebin.com/YuuLuA1x I was just wondering if there was something else that could be triggered on in the header to catch these sooner? I'm assuming the sending IP part of a botnet? I'm using

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread John Hardin
On Thu, 29 Nov 2012, David F. Skoll wrote: On Thu, 29 Nov 2012 21:27:19 +0100 Andrzej A. Filip andrzej.fi...@gmail.com wrote: Do you treat yahoo like spam sources in the same way? With respect to greylisting, of course. If a machine passes greylisting once, it's extremely likely to pass

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread David F. Skoll
On Thu, 29 Nov 2012 22:47:45 +0100 Axb axb.li...@gmail.com wrote: boxes: About 50 000 rcpt domains: About 2000 rcpt users: Lots. I don't have an exact figure. you guys are sending through greylisting. This is on our machines. Our larger customers have significantly higher numbers.

Re: FROM_MISSP_* causing FPs

2012-11-29 Thread Michael Orlitzky
On 11/29/2012 05:43 PM, John Hardin wrote: On Thu, 29 Nov 2012, Kris Deugau wrote: I've just had another couple of reports of false positives due to hits on one or more of the FROM_MISSP_* rules. Curious coincidence: Almost all of the reports to date have involved webform email for real

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread John Levine
Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in case of yahoo like spam sources? No. A remarkable fraction of ratware still doesn't bother to retry, so the most simple minded greylister will deter them. That's why it's useful. I've never seen any support for the theory

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread John Hardin
On Thu, 30 Nov 2012, John Levine wrote: Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in case of yahoo like spam sources? No. A remarkable fraction of ratware still doesn't bother to retry, so the most simple minded greylister will deter them. That's why it's useful.

Re: FROM_MISSP_* causing FPs

2012-11-29 Thread John Hardin
On Thu, 29 Nov 2012, Michael Orlitzky wrote: On 11/29/2012 05:43 PM, John Hardin wrote: On Thu, 29 Nov 2012, Kris Deugau wrote: I've just had another couple of reports of false positives due to hits on one or more of the FROM_MISSP_* rules. Curious coincidence: Almost all of the reports to

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread David F. Skoll
On Thu, 29 Nov 2012 18:01:38 -0800 (PST) John Hardin jhar...@impsec.org wrote: It's not so much the host being blacklisted, as a checksum of the spam being published by pyzor et al., or for spamvertised websites in the spam being published by URIBLs, so that when the sender tries again the

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Dave Warren
On 11/29/2012 17:37, John Levine wrote: Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in case of yahoo like spam sources? No. A remarkable fraction of ratware still doesn't bother to retry, so the most simple minded greylister will deter them. That's why it's useful.

Re: Greylisting (was Re: Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC ? Can I get your opinion?)

2012-11-29 Thread Dave Warren
On 11/29/2012 18:54, David F. Skoll wrote: [My gut instinct says that a reasonable greylisting interval is too short for most DNSBLs to react. Pyzor/Razor/DCC may be somewhat more adept at reacting quickly.] Something trap-driven like NIX is a candidate. No, it's not safe enough to reject