Re: [courier-users] courier-mta and amavis-new +clamAV

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.

---1463811840-295937880-1193835460=:21456
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8BIT

On Wed, 31 Oct 2007, courier@thefreecat.org wrote:

> gordan@bobich.net a écrit :
>> Utter nonsense. Greylisting doesn't work.
>
> Hmmm...
>
>> It falls over flat on it's
>> face the moment it is exposed to multi-homed senders
> [...]
>> There are perfectly valid reasons why one might want to
> > run their systems with such a setup (network failure redundancy
> > or peering arrangements).
>
> Oh... Sure ! Though, I would say that such an (static, complicated)
> architecture should be quite rare for spammers (very easy to blacklist).
> So in *most* cases greylisting is perfectly adapted.

The point is that all such non-spamming setups (e.g. gmail) would need to
be whitelisted for greylisting to work. Otherwise, greylisting will
massively delay (possibly to the point of bouncing) mail from multi-homed
systems.

>> If you're using greylisting, you might as well save yourself some server
>> load
>
> Greylisting *already* saves much server load.
>
>> and use unlisting instead.
>
> What's this ?

Google for it. It's essentially port knocking for SMTP. For example, you
only accept the TCP connection on MX3 if the sending server first touched
port 25 on MX1 and MX2, in the correct order. MX1 and MX2 always reject,
but MX3 selectively accepts or drops/tarpits.

>> You _might_ get somewhere more meaningful if you greylist by (from, to)
>> rather than (ip, from, to), but last time I checked, most tools didn't
>> allow for this.
>
> That shouldn't be too big of a hack (for the one who really wants it).
> Did you try (just forcing all stored/compared IP addresses to 0.0.0.0
> should be sufficient for a proof of concept) ?

I haven't bothered. nolisting (decoy MX records) + RBLs knocked spam on
the head down to 0.1% of where it was. And the delay my mail sees is a few
times the ping time from the sender, which will, if it's RFC compliant,
retry the next MX until it finds the one that works. Greylisting is a
paradigm that is incompatible with this approach.

> Pardon my ignorance, I'm just sharing my experience : since I installed
> greylisting, 95% of SPAM has disappeared, period. With no extra work,
> just 15mn of configuration.

How much ham bounced (apart from _all_ of it getting delayed by an
arbitrary amount of time)? You'll find that nolisting+RBLs approach would
have likely yielded at least equivalent results with none of the drawbacks
of greylisting, and taken no longer to set up. Nolisting is effectively
guaranteed to yield no false positives, and RBLs reject immediately. It is
often better to immediately get a bounce as with RBLs than to have the
mail sit in limbo with the sender thinking it's been received.

Gordan
---1463811840-295937880-1193835460=:21456
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
---1463811840-295937880-1193835460=:21456
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users

---1463811840-295937880-1193835460=:21456--