Greylisting .. nice ..
Dhawal Doshy
dhawal at netmagicsolutions.com
Sat Nov 4 10:48:24 GMT 2006
Res wrote:
> On Sat, 4 Nov 2006, Jim Holland wrote:
>
>> My objection to it is not that it doesn't work, but that it makes all
>> genuine mail servers work twice as hard to deliver mail. I like having an
>> outgoing mail queue as clean as possible, and the greylisters mean
>
> This is the biggest point of it, the people trying to get everyone using
> greylisting obviously don't see much mail or don't have impatient
> whinging @!#$@#$'s as customers
>
> It seems to be a big thing with the postmix (intended pun) users
> for some reason.

Us postmix users use selective greylisting ;-) See
http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_greylisting.shtml

I kinda agree that simply greylisting is not as effective as before.
However a combination of policyd-weight (rbl+rhsbl scoring) + selective
greylisting still works wonders in my setup..

I would suggest separating out the incoming from the outgoing (logically
if not physically) and add p0f support at the incoming iptables level to
reject desktop OSes (thereby taking care of most botnets). See below
links for a hint.

http://www.snertsoft.com/sendmail/milter-p0f/
http://kmlinux.fjfi.cvut.cz/~vokac/activities/ppolicy/

- dhawal
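
The selective greylisting idea from the message above, as an added sketch that is not part of the original post or of the linked pages: only clients whose reverse DNS name looks like an end-user connection are delayed, while properly named mail servers pass on the first attempt. The hostname patterns, the 300-second delay, the /24 triplet key (IPv4 only) and all class and function names are assumptions; `DUNNO` and `DEFER_IF_PERMIT` are Postfix policy replies, and the policyd-weight scoring and p0f steps are not modelled.

```python
import re

# Assumed heuristics for "looks like a dial-up/broadband client"; tune per site.
DYNAMIC_PATTERNS = [
    re.compile(r"^unknown$"),                       # no reverse DNS at all
    re.compile(r"(\d{1,3}[-.]){3}\d{1,3}"),         # IP address embedded in the name
    re.compile(r"(^|[.-])(dsl|dyn|dynamic|dialup|ppp|pool|cable|dhcp)[.-]", re.I),
]

class SelectiveGreylist:
    def __init__(self, delay=300, lifetime=35 * 86400):
        self.delay = delay          # seconds a new triplet must wait
        self.lifetime = lifetime    # seconds a passed triplet stays whitelisted
        self.first_seen = {}        # triplet -> time of first attempt
        self.passed = {}            # triplet -> time of last accepted delivery

    @staticmethod
    def is_suspect(client_name):
        return any(p.search(client_name) for p in DYNAMIC_PATTERNS)

    @staticmethod
    def triplet(client_ip, sender, recipient):
        # Key on the /24 so a server farm retrying from a neighbour still passes.
        net = ".".join(client_ip.split(".")[:3])
        return (net, sender.lower(), recipient.lower())

    def decide(self, client_name, client_ip, sender, recipient, now):
        if not self.is_suspect(client_name):
            return "DUNNO"          # well-named servers skip greylisting entirely
        key = self.triplet(client_ip, sender, recipient)
        if key in self.passed and now - self.passed[key] <= self.lifetime:
            self.passed[key] = now  # refresh the whitelist entry
            return "DUNNO"
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            self.passed[key] = now  # retried after the delay: behaves like an MTA
            del self.first_seen[key]
            return "DUNNO"
        return "DEFER_IF_PERMIT Greylisted, please retry later"

if __name__ == "__main__":
    g = SelectiveGreylist()
    # Constructed sample connections (documentation addresses and domains).
    print(g.decide("mail.example.org", "192.0.2.10", "a@example.org", "u@example.net", 0))
    print(g.decide("host-203-0-113-7.dsl.example.net", "203.0.113.7",
                   "x@example.com", "u@example.net", 0))
```

Genuine servers with sensible reverse DNS never see the temporary failure, which addresses the outgoing-queue objection quoted at the top of the message.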