Rocco Scappatura wrote:
% telnet yourserver 25
...
EHLO somehostname
...
MAIL FROM:<sender>
...
RCPT TO:<recipient>
DATA
copy-patse the message with full headers except the Delivered-To that
contains your recipient address
end with a line containing a dot ('.') like this:
.
QUIT

Infact I get:

Feb 26 23:07:50 av4 amavis[17589]: (17589-03) Blocked SPAM,
[<ipofmyserver>] [<ipofmyserver>] <[EMAIL PROTECTED]> -> <<myemailaddress>>,
quarantine: r/spam-rGPEbZ4mzhH4.gz, Message-ID:
<[EMAIL PROTECTED]>, mail_id: rGPEbZ4mzhH4, Hits: 7.193,
size: 4063, 1874 ms

And spammer are becoming more faster as the time goes on.. Is it
convenient to use gray listing

newer bots retry, so GL is only effective is the time interval is large enough, but that's not a neutral thing so should be restricted to suspicious mail. That's what I use GL for anyway.

or there is something other effective
tecnique that I could use to reduce false negative?

Thanks,

rocsca


the spam you showed has:

Received: from [125.128.59.158] (unknown [125.128.59.158])

which means the client is "unknown" and it helo'ed with a literal IP (it's from Korea too but let's ignore this). My postfix has a check_helo_acces with a pcre:

/^[/      reject_unknown_client, policy_greylist

This rejects mail if the client is unknown and helo's with a literal IP. I've not seen literal IPs in ham on an MX. Note that this test must not be applied on an MSA: MUAs like Thunderbird do helo with a literal IP.

The test is run before DNSBL checks, so it saves some cycles and reduces the load on DNSBL sites. these days, the test catches about 15% of mail rejected at MTA time.

Note that reject_unknown_client returns a temp error, but unlike GL, you'll need to whitelist the client if you want to accept his mail). if this is a real issue, just remove the reject_unknown_client part and leave the greylisting check. but

of course, this is mostly a temporary cure. if ratware learns to helo with a hostname, it won't be caught. but let's fight the spam of today for now ;-p






Reply via email to