Greylisting (WAS: gif attachments)

John Rudd jrudd at ucsc.edu
Thu Aug 24 00:20:26 IST 2006


On Aug 23, 2006, at 14:46, Matt Hampton wrote:

>
>>>>> Try implementing greylisting on your servers. This has helped a lot
>>>>> with this problem on my systems.
>>>>> Even if you set the greylisting delay as low as 5 minutes.
>>>> My big fear w/ Greylisting is that a (legitimate) SMTP server 
>>>> somewhere won't respect the "try again later" code, and instead 
>>>> just fail to deliver the mail.  I've heard rumours that some of the 
>>>> larger webmail providers exhibit this behaviour.
>>>>
>>>> Comments?
>
> I ran it for about 6 months and didn't have any issues with it.
> However I then turned on sendmail's "greet_pause" facility and this
> caught almost as much as grey-listing.
>

I, in turn, found that 90% of what greet_pause was catching was:

a) had no PTR record,
b) PTR and A record didn't match, or
c) looked like it's from some ISP's client and/or dynamic host range
    (2 or more octets of its IP address, in decimal or hex format, in
     the hostname, or the words "dynamic", "dsl", "cable", or "dial-?up"
     in the hostname).

I just reject these now, and I lowered my greet_pause to 3 seconds
(i.e. just blocking the slammers).
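
The three criteria (a) to (c) above, sketched as a classifier. This is an added example, not code from the original post or from MailScanner or sendmail. The function names are hypothetical, the PTR and A lookups are assumed to be done by the caller, only IPv4 is handled, and the hostnames and addresses (documentation ranges) are constructed.

```python
import ipaddress
import re
from collections import Counter

# Keywords from the post; "dial-?up" is applied as the regex it is written as.
KEYWORDS = re.compile(r"dynamic|dsl|cable|dial-?up")
# One hex byte ("c0") or a whole hex-encoded address ("c0a8010a").
HEX_TOKEN = re.compile(r"[0-9a-f]{2}|[0-9a-f]{8}")

def embedded_octets(ip, hostname):
    """Count octets of ip that appear in hostname in decimal or hex."""
    seen = Counter()
    for token in re.split(r"[^0-9a-z]+", hostname.lower()):
        if HEX_TOKEN.fullmatch(token) and not token.isdigit():
            # Hex token: split into bytes. All-digit tokens are read as decimal.
            seen.update(int(token[i:i + 2], 16) for i in range(0, len(token), 2))
        else:
            # Decimal digit runs, e.g. "192" in "ip192".
            seen.update(int(d) for d in re.findall(r"\d+", token) if int(d) <= 255)
    hits = 0
    for octet in ipaddress.IPv4Address(ip).packed:
        if seen[octet] > 0:      # each number in the name matches one octet only
            seen[octet] -= 1
            hits += 1
    return hits

def reject_reason(ip, ptr, forward_addrs):
    """Return which criterion (a/b/c) the client fails, or None.

    ptr is the PTR name for ip (None if absent); forward_addrs are the
    A records of that name. Both are resolved by the caller (assumption).
    """
    if not ptr:
        return "a: no PTR record"
    if ip not in forward_addrs:
        return "b: PTR and A record do not match"
    host = ptr.lower().rstrip(".")
    if KEYWORDS.search(host) or embedded_octets(ip, host) >= 2:
        return "c: looks like a client/dynamic host range"
    return None

if __name__ == "__main__":
    # Constructed sample clients: (ip, PTR name, A records of that name)
    for ip, ptr, fwd in [
        ("192.0.2.10", "mx1.example.net", ["192.0.2.10"]),
        ("198.51.100.77", "host-198-51-100-77.example.net", ["198.51.100.77"]),
        ("203.0.113.5", "cb007105.pool.example.net", ["203.0.113.5"]),
    ]:
        print(ip, ptr, "->", reject_reason(ip, ptr, fwd) or "accept")
```
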




