<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7100.0"></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=213100818-20082009><FONT color=#0000ff
size=2 face=Arial>No - On the MTA (sendmail) I'm running greet pause, smf-spf
and smf-sav. Everytime I read about greylisting I don't quite get the
difference between it and greet pause. Guess I'm just slow. Does it
do more than greet pause? If I implement it, sould I discontinue use
of greet pause or use them in conjunction w/each other?</FONT></SPAN></DIV>
<DIV><FONT color=#0000ff size=2 face=Arial></FONT> </DIV><!-- Converted from text/plain format -->
<P><FONT size=2>...Kevin<BR>--<BR>Kevin
Miller
Registered Linux User No: 307357<BR>CBJ MIS
Dept.
Network Systems Admin., Mail Admin.<BR>155 South Seward
Street ph: (907) 586-0242<BR>Juneau, Alaska
99801 fax: (907 586-4500 </FONT></P>
<DIV> </DIV><BR>
<DIV dir=ltr lang=en-us class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> mailscanner-bounces@lists.mailscanner.info
[mailto:mailscanner-bounces@lists.mailscanner.info] <B>On Behalf Of </B>Eduardo
Casarero<BR><B>Sent:</B> Thursday, August 20, 2009 9:22 AM<BR><B>To:</B>
MailScanner discussion<BR><B>Subject:</B> Re: Localhost
forgery<BR></FONT><BR></DIV>
<DIV></DIV><BR><BR>
<DIV class=gmail_quote>2009/8/20 Kevin Miller <SPAN dir=ltr><<A
href="mailto:Kevin_Miller@ci.juneau.ak.us">Kevin_Miller@ci.juneau.ak.us</A>></SPAN><BR>
<BLOCKQUOTE
style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0pt 0pt 0pt 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>I'm being bombarded with a ton of spam that claims to be
from localhost (but the IP isn't in the 127. range). They are false
NDRs, bouncing off of foreign servers. A large number of my users are
being joe-jobbed, and the remote servers send the NDRs here. Here's a
couple of examples from the the mail log:<BR><BR>Aug 20 06:32:30 mx2
sendmail-in[25703]: n7KEVnN7025703: from=<<A
href="mailto:qvmanifestation@grahamevinson.com">qvmanifestation@grahamevinson.com</A>>,
size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost
[123.26.216.57] (may be forged)<BR>Aug 20 07:34:33 mx2 sendmail-in[29611]:
n7KFYJdI029611: from=<<A
href="mailto:kzmatrimony@ivory.plala.or.jp">kzmatrimony@ivory.plala.or.jp</A>>,
size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=localhost
[222.254.108.100] (may be forged)<BR><BR>I'd really like to be able to block
them at the MTA level, but barring that, a spamassassin rule would do nicely.
Anybody have a rule available that would fit the bill? There are
too many sources to try to blacklist - I'd be playing whack-a-mole all day
long.<BR></BLOCKQUOTE>
<DIV><BR>do you use greylisting?<BR><BR> </DIV>
<BLOCKQUOTE
style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0pt 0pt 0pt 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote><BR>(I've been on vacation the past few weeks, so if this
has been discussed please let me know the subject
line.)<BR><BR>Thanks...<BR><BR>...Kevin<BR>--<BR>Kevin Miller
Registered Linux User No:
307357<BR>CBJ MIS Dept.
Network Systems Admin., Mail Admin.<BR>155 South Seward Street
ph: (907) 586-0242<BR>Juneau, Alaska 99801 fax:
(907 586-4500 --<BR>MailScanner mailing list<BR><A
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A><BR><A
href="http://lists.mailscanner.info/mailman/listinfo/mailscanner"
target=_blank>http://lists.mailscanner.info/mailman/listinfo/mailscanner</A><BR><BR>Before
posting, read <A href="http://wiki.mailscanner.info/posting"
target=_blank>http://wiki.mailscanner.info/posting</A><BR><BR>Support
MailScanner development - buy the book off the
website!<BR></BLOCKQUOTE></DIV><BR></BODY></HTML>