Greylisting .. nice ..
Res
res at ausics.net
Sat Nov 4 12:34:51 GMT 2006
On Sat, 4 Nov 2006, Dhawal Doshy wrote:
> Res wrote:
>> On Sat, 4 Nov 2006, Jim Holland wrote:
>>
>>> My objection to it is not that it doesn't work, but that it makes all
>>> genuine mail servers work twice as hard to deliver mail. I like having an
>>> outgoing mail queue as clean as possible, and the greylisters mean
>>
>> This is the biggest point of it, the people trying to get everyone using
>> greylisting obviously dont see much mail or don't have impatient whinging
>> @!#$@#$'s as customers
>>
>> It seems to be a big thing with the postmix (intended pun) users
>> for some reason.
>
> Us postmix users use selective greylisting ;-) See
> http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_greylisting.shtml
>
> I kinda agree that simply greylisting is not as effective as before. However
> a combination of policyd-weight (rbl+rhsbl scoring) + selective greylisting
> still works wonders in my setup..
I use RBL's in MTA rather than score them, if its trash the less resource
sof mine I allow them to use the better :)
>
> i would suggest separating out the incoming from the outgoing (logically if
> not physically) and add p0f support at the incoming iptables level to reject
> desktop OSes (thereby taking care of most botnets). See below links for a
> hint.
> http://www.snertsoft.com/sendmail/milter-p0f/
> http://kmlinux.fjfi.cvut.cz/~vokac/activities/ppolicy/
>
> - dhawal
>
--
Cheers
Res
"Just a world that we all must share, it's not enough just to stand and
stare, is it only a dream that there'll be no more turning away" - Floyd
More information about the MailScanner
mailing list