dccifd / greylisting problems
Smart,Dan
SmartD at VMCMAIL.COM
Tue Aug 3 17:00:28 IST 2004
That's exactly how the dcc greylist is implemented, as a sendmail milter.
For postfix, you must use a postfix policy server, such as Postgrey. There
is no policy server integration for DCC to Postfix
(http://isg.ee.ethz.ch/tools/postgrey/).
<<Dan>>
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Mariano Absatz
> Sent: Tuesday, August 03, 2004 10:08 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] dccifd / greylisting problems
>
> On Mon, 2 Aug 2004 10:46:57 -0500, Smart,Dan
> <smartd at vmcmail.com> wrote:
> > PMJI:
> > The negative of greylisting is that some "legit" mail
> servers may give
> > up after one attempt. These will need to be whitelisted
> to bypass greylisting.
> >
> > Also, there is a long discussion on DCC list on
> functionality, and it
> > appears that an initial denial of 1 - 3 minute(s) is sufficient to
> > stop most Spam senders, who send once then forget. Most
> users would
> > not see this delay. Whitelisting will still be an issue
> for broken sites.
> >
> > Greylisting needs to run at the mail MTA, so that messages
> get blocked
> > *before* they are accepted by your mail MTA. That's the
> whole idea...
> > Block messages once before accepting them the second time.
> >
> > Each message records a tuple in DCC: The sender,
> recipient, and IP
> > address of sending MTA. After being saved the first time,
> every time
> > this recorded tuple is seen, the message gets delivered
> immediately.
> > The tuples have a time-to-live, and will expire off the
> DCC server eventually.
> >
> > <<Dan>>
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: MailScanner mailing list
> > > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Matthew Henkler
> > > Sent: Saturday, July 31, 2004 10:03 PM
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Re: [MAILSCANNER] dccifd / greylisting problems
> > >
> > > On Sat, 31 Jul 2004, John Rudd wrote:
> > >
> > > > But I think it's more of a sendmail milter type thing
> than a >
> > > mailscanner thing. By the time mailscanner sees the
> message, it's
> > > too > late to reject it for the sender to try again later.
> > >
> > > Yes, that seems likely now that I think about it. The
> way I have
> > > it set up at least, it is most likely too late for
> MailScanner to
> > > do anything about. Guess I'll have to play around with
> it at the
> > > MTA level.
> > >
> > > Good explanation of greylisting for everyone though, thanks!
> > >
> Anyway... greylisting CAN NOT work within MailScanner.
> Graylisting has to be done during the incoming SMTP dialog
> and must choose to accept or temporarily reject (errcode
> 4XX) a given SMTP transaction.
>
> MailScanner runs AFTER the SMTP transaction is over so
> there's no way that you can do graylisting within it.
>
> Maybe it could be implemented in a milter for sendmail, I dunno.
>
> --
> Mariano Absatz - El Baby
> el (dot) baby (AT) gmail (dot) com
> el (punto) baby (ARROBA:@) gmail (punto) com
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list