Re: Design of spamd

Thu, 01 Dec 2011 02:16:10 -0800

Op Wed, 30 Nov 2011 20:02:38 +0100 schreef Han Boetes <[email protected]>: 
Boudewijn Dijkstra wrote:

Op Tue, 29 Nov 2011 21:54:37 +0100 schreef Han Boetes
<[email protected]> :
> At the moment all spamd greylisting cares about is, "does it retry
> connecting?" Unfortunately a lot of spammers do a spamrun and
> simply try sending a spam message or 10 and then move on to the
> next smtp server on their list and that get's them white listed in
> a matter of seconds.

No it doesn't.  Your passtime is too short (default is 25 minutes).


Yes I thought that was weird too.

This is how I start spamd:
   sudo /usr/libexec/spamd -G 25:4:864 -v

 -G passtime:greyexp:whiteexp
  Adjust the three time parameters for greylisting. passtime defaults to
  25 (minutes), greyexp to  4  (hours),  and  whiteexp  to  864  (hours,
  approximately 36 days).

So for some reason passtime is ignored on my machine. I've tested
this with telnet quite extensively. And after 3,4,5 attempts in a
minute or so the address is whitelisted.


Are you also using spamlogd(8)?


> I don't make it up, it's that simple.
>
> Anyway. Wouldn't it be nice if spamd would do the checks that
> postfix does so the mailserver protecting code can be separated
> from the real functionality?
>
> So spamd would use the stuttering time to figure out if the ip is
> not on an rbl, if the dnsname is reverse resolvable, if the helo
> is valid, if the sender is not matching silly pattern, etc etc

A few years ago I started work on a Java application that remotely
tabulates, sorts and correlates the data, looks up DNS information
and verifies recipients with a Postfix server.  Via right-click menus
I can manipulate the database.  Have been using it daily ever since
it became slightly usable, but there is still a lot of work to do...


Doesn't postfix do al that stuff already?
Yes, but I don't want it to make decisions for me. Also, the application provides me with information to do other stuff, like whitelisting things earlier, trapping legitimate MTA's, adding netblocks to <mywhite>, removing Hotmail servers from the traplist when necessary, inform a colleague when an important client makes a typo, etc. And I forgot to mention it also does GeoIP country lookup. 



--
Gemaakt met Opera's revolutionaire e-mailprogramma: http://www.opera.com/mail/ 
(Remove the obvious prefix to reply.)

Reply via email to