Greylisting (WAS: gif attachments)
John Rudd
jrudd at ucsc.edu
Thu Aug 24 00:20:26 IST 2006
On Aug 23, 2006, at 14:46, Matt Hampton wrote:
>
>>>>> Try implementing greylisting on your servers. This has helped a
>>>>> lot with
>>>>> this problem on my systems.
>>>>> Even if you set the greylisting delay as low as 5 minutes.
>>>> My big fear w/ Greylisting is that a (legitmate) SMTP server
>>>> somewhere won't respect the "try again later" code, and instead
>>>> just fail to deliver the mail. I've heard rumours that some of the
>>>> larger webmail providers exhibit this behaviour.
>>>>
>>>> Comments?
>
> I ran it for about 6 months and didn't have any issues with it.
> However
> I then turned on sendmail's "greet_pause" facility and this caught
> almost as much as grey-listing.
>
I, in turn, found that 90% of what greet_pause was catching was:
a) had no PTR record,
b) PTR and A record didn't match, or
c) looked like it's from some ISP's client and/or dynamic host range
(2 or more octets of its IP address, in decimal or hex format, in
the hostname, or the words "dynamic", "dsl", "cable", or "dial-?up"
in the hostname).
I just reject these now, and I lowered my greet_pause to 3 seconds
(ie. just blocking the slammers).
More information about the MailScanner
mailing list