[Mimedefang] Greylisting

netguy netguy at sound-networking.com
Thu Dec 15 10:45:22 EST 2005


Hi All, Brian

Brian Leyton wrote:

>I am relatively new to MIMEDefang, and I'm very happy with what I've been
>able to do so far.  I'd like to take things to a higher level though, and
>one of the areas I'd like to work on is greylisting.  I've seen a couple of
>emails in the archives, and I've tried using Jonas Eckerman's filter on my
>system.
>
>  
>
[snip]

>If there's no (simple) way to do this, then is there another MIMEDefang
>greylisting implementation around that might work better on Fedora?
>  
>

Although the graylisting that I use isn't a MIMEDefang implementation 
you might find some of this useful.

I have a small number of eMail clients using Fedora Core 4.  When I 
'turned-up' graylisting in June 05, spam (and virus) dropped by 70% 
immediately.  Gone, None, Notta.  Check out www.puremagic.com.  These 
folks have written a sendmail milter that runs as a separate process 
before MIMEDefang can get a chance.  I am not a programmer, but have 
fiddled my way around Linux boxes for about 10 years, so I don't know 
all of the internal workings of these systems.  I do know that if you 
install graylisting as stipulated in the instructions, you shouldn't 
have any problems.  Your mileage may vary.

The whitelist is important.  We have problems with other folks' mail 
servers that are not RFC compliant.  For instance, Montanasky.net (mac 
based) and KVIS here in Libby do NOT operate proper servers.  Instead, 
they drop eMail if it tempfails, and do not try to resend as the RFC 
calls for.  Go figure.  PayPal does not resend, as with a few others 
that are legit but are too busy or don't care.  Hotmail, Yahoo, Verizon 
and Comcast all have specific SMTP servers that are used so you can add 
them to the whitelist.  AOL seems to change, but they do resend.  If I 
have a sending MTA that a certain customer complains about that they are 
not getting eMail from, I open a /24 for it and watch it for a while to 
get a drift on what IPs the mail servers are coming from.

If you do implement this version, remember to do the DB_maint stuff as 
the database gets big fast!

One of the things that I am looking at now is a statistical spam attack 
that is decided by users, NOT ME.  MIMEDefang is heuristics and stuff 
needed to be decided by someone.  Don't get me wrong, I don't know where 
I would be without it and I have been a user for 3 to 4 years ( don't 
remember exactly ) and I used to track stuff to show customers.  When I 
implemented graylisting, it all went away.  I rarely see a "SPAM" 
warning in the mail logs now.

After you do implement graylisting, be prepared for customers that call 
complaining that they aren't getting any eMail.  You have to grin when 
you tell them that they are still getting eMail, just not all the spam!  
Sure, the spammers will catch up and start resending, and I hope that I 
can have the statistical processes in and operational by then.  I don't 
remember the site where I read about this stuff or I would post it 
here.  If anybody is interested, I will find it and post.

todh

>Brian Leyton
>IT Manager
>Commercial Petroleum Equipment
>  
>
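
The greylisting behaviour described in the message above (tempfail on first contact, accept on a proper retry, a whitelisted /24 for senders that never resend, and periodic database maintenance), as an added example that is not part of the original post and is not the puremagic.com milter's code. The class name, the timing values and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed timings (not taken from the post or from any particular milter).
MIN_DELAY = 300          # seconds a new triplet must wait before a retry is accepted
PENDING_TTL = 4 * 3600   # unretried triplets are purged after this long
PASSED_TTL = 36 * 86400  # triplets that passed are remembered this long

class Greylist:
    def __init__(self, whitelist=()):
        # Whitelisted networks bypass greylisting, e.g. senders that never retry.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.db = {}  # (ip, sender, rcpt) -> {"first": ts, "passed": bool, "expires": ts}

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one RCPT attempt at time `now`."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return "accept"
        key = (ip, sender.lower(), rcpt.lower())
        rec = self.db.get(key)
        if rec is None or rec["expires"] <= now:
            # First sighting (or stale record): remember it and ask for a retry.
            self.db[key] = {"first": now, "passed": False, "expires": now + PENDING_TTL}
            return "tempfail"
        if now - rec["first"] < MIN_DELAY:
            return "tempfail"  # retried too quickly
        rec["passed"] = True
        rec["expires"] = now + PASSED_TTL
        return "accept"

    def maintain(self, now):
        """Purge expired records; returns how many were removed."""
        stale = [k for k, r in self.db.items() if r["expires"] <= now]
        for k in stale:
            del self.db[k]
        return len(stale)

def demo():
    # Constructed sample traffic; addresses are from documentation ranges.
    gl = Greylist(whitelist=["192.0.2.0/24"])
    return [
        gl.check("198.51.100.7", "a@example.org", "u@example.com", 0),     # first try
        gl.check("198.51.100.7", "a@example.org", "u@example.com", 60),    # too soon
        gl.check("198.51.100.7", "a@example.org", "u@example.com", 900),   # proper retry
        gl.check("192.0.2.25", "pay@example.net", "u@example.com", 0),     # whitelisted /24
        gl.check("203.0.113.9", "x@example.org", "u@example.com", 0),      # never retries
        gl.maintain(5 * 3600),                                             # purge pending
    ]
```

A sender that never retries only ever leaves a pending record, which is why the purge step matters: without it those records accumulate indefinitely.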


