Greylisting with Sendmail and FreeBSD
Matt Kettler
mkettler at evi-inc.com
Wed Nov 8 22:12:06 GMT 2006
Jim Coates wrote:
> How hard is it to install Greylisting on a machine running FreeBSD, Sendmail
> and MailScanner?
>
> Is there a particular package that you all recommend?
I use milter-greylist. It's pretty easy, and it's ACL based setup lets you set
it up more-or-less any way you want.. greylist by default, or by explicit rule, etc.
The current release candidates also support using dnsrbl's as acl rules, and
per-rule over-ride of greylist duration. Putting the two together you can do
things like greylist for longer periods of time if they're listed in a DNSRBL.
(useful for DNSRBLs with too many FPs to use as outright blacklists).
My current setup is more-or-less:
whitelist <mynetwork>
whitelist <some important partners>
greylist spamhaus SBL, 15mins
greylist spamhaus XBL, 1hr
greylist SORBS-WEB, 1hr
greylist SORBS-DUL, 1hr
greylist <all to postmaster> 1min
greylist <anything with mydomain as envelope sender> 1min
greylist (regex for hosts with no RDNS) 1min
greylist (a few other regexes) 1min
greylist (list of ip's allocated to apnic) 1min
greylist (list of ip's allocated to lacnic) 1min
whitelist default
And that works pretty well. Right now XBL, and more specifically the CBL
contributed part of XBL, is taking the lions share of the hits.
Thus far this week:
Spamhaus SBL
3216
Spamhaus XBL (CBL)
12904
Spamhaus XBL (NJABL)
87
SORBS-WEB
141
SORBS-DUL
4071
delayed 1m (others)
2987
default action:
7217
not delayed and delivered (total, incl whitelists)
10390
>
> I asked out FreeBSD host about it, and they say that they've never used it.
>
> An interesting note - Yahoo has started using greylisting on their email
> accounts.
More information about the MailScanner
mailing list