mouss wrote:
> Matt Kettler a écrit :
>> I had the same problem. I wound up implementing milter-greylist in a way that
>> greylists these hosts, but lets most systems past. I'm not sure if you're
>> using
>> sendmail or not, but I found this VERY helpful.
>>
>> The selective greylisting is possible due to milter-greylist's use of ACLs,
>> and
>> a configurable default action. Most folks whitelist certain hosts, and use a
>> default of greylist. I do the opposite. I greylist selected patterns, then
>> whitelist the rest.
>
> You can also greylist and/or greetpause hosts with a hostname that looks
> dynamic. I find this safer than using a dul list. you can also restrict
> dul lookup to hosts that look dynamic (which is helpful in the case of
> sirbs duhl, which lists static IPs).
Yes, I do that too.
I greylist:
no RDNS
RDNS looks dynamic
IP in APNIC
IP in LACNIC
RDNS ends in selected country codes
"troublesome" IP blocks that can't be blacklisted due to
containing some legitimate mail sources.
See:
http://xanadu.evi-inc.com/greylist.conf.censored
Note: I censored out a lot of semi-sensitive stuff, such as whitelists based on
business relationships, spamtrap addresses, etc with X's.
(I'll probably pull that file down after a few days, so if you really want to
look at it, do so now)
