Date:      Thu, 26 Oct 2006 12:02:01 -0400
From:      "Michael W. Lucas" <mwlucas@blackhelicopters.org>
To:        "Peter N. M. Hansteen" <peter@bgnett.no>
Cc:        questions@freebsd.org
Subject:   Re: pfspamd greylisting stuttering at everything
Message-ID:  <20061026160201.GA4801@bewilderbeast.blackhelicopters.org>
In-Reply-To: <87ods3wo27.fsf@amidala.kakemonster.bsdly.net>
References:  <87ods3wo27.fsf@amidala.kakemonster.bsdly.net>

On Mon, Oct 23, 2006 at 08:20:32AM +0200, Peter N. M. Hansteen wrote:
> > I'm set up just like the man page, but every incoming connection is
> > being stuttered at.  This plays havoc with incoming legit mail, of
> > course, and I've been forced to fall back on older antispam tools.
> 
> Are you sure you are actually seeing stuttering, not just the
> greylisting database getting (slowly) initialized?  

[sorry for the delay answering, I needed to spend some quality time
with my mailserver to answer this thoroughly.]

Well, if I manually telnet to port 25 from any machine, I get about
one character a second.  And I get taunted.  I don't think that's the
innocuous 451 error mentioned in the manual.

> You should expect a 'silent period' while the machines which are
> trying to send you mail prove their good intentions to your
> greylister.  The point of greylisting, after all, is to force
> correspondents to retry 'within a reasonable time'.  The lower
> threshold for 'reasonable' is set with the first of the -G arguments
> to spamd.  The other factor is how long the correspondent takes to
> actually retry, which depends on a number of other factors you really
> can't influence much, such as the size of that server's outgoing
> queue.

I've let it run for three hours this morning.

Before starting pfspamd today, I checked my spamdb.  spamdb listed 12
entries.  After 3 hours, spamdb listed the same 12 entries.  My spamd
logs to /var/log/spam, which has many interesting entries in it:

Oct 26 11:18:31 bewilderbeast spamd[731]: (GREY) 216.136.204.119: <owner-doc-committers@FreeBSD.org> -> <mwlucas@blackhelicopters.org>
Oct 26 11:18:40 bewilderbeast spamd[731]: 204.127.192.84: connected (12/1)
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: From: Leila Wood <uzzfnh@fantasy-heaven.de>
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: To: mwlucas@blackhelicopters.org
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Subject: caustic assent
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: This is a multi-part message in MIME format.
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: --------------060605040706020008040508
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Type: text/html; charset=ISO-8859-1
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Transfer-Encoding: 7bit
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <html>
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <head>
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body:  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
Oct 26 11:19:13 bewilderbeast spamd[731]: 204.152.190.11: disconnected after 390 seconds.
Oct 26 11:19:15 bewilderbeast spamd[731]: 12.130.136.42: disconnected after 390 seconds.
Oct 26 11:19:34 bewilderbeast spamd[731]: 89.110.7.178: disconnected after 390 seconds.
Oct 26 11:19:48 bewilderbeast spamd[731]: 200.52.66.237: connected (10/1)

So, bad stuff is making it there.

Good stuff is as well, though.  I sent an email from work to test the
setup:

bewilderbeast~;grep gkn /var/log/spamd
Oct 26 11:33:59 bewilderbeast spamd[4622]: (GREY) 194.76.60.27: <Michael.Lucas@gkndriveline.com> -> <mwlucas@blackhelicopters.org>
Oct 26 11:35:42 bewilderbeast spamd[4622]: 194.76.60.27: From: "Michael Lucas \(DL\)" <Michael.Lucas@gkndriveline.com>
Oct 26 11:35:42 bewilderbeast spamd[4622]: 194.76.60.27: Body: michael.lucas@gkndriveline.com
Oct 26 11:41:50 bewilderbeast spamd[4622]: (GREY) 194.76.60.27: <Michael.Lucas@gkndriveline.com> -> <mwlucas@blackhelicopters.org>
Oct 26 11:43:33 bewilderbeast spamd[4622]: 194.76.60.27: From: "Michael Lucas \(DL\)" <Michael.Lucas@gkndriveline.com>
Oct 26 11:43:33 bewilderbeast spamd[4622]: 194.76.60.27: Body: michael.lucas@gkndriveline.com

Ten minute delay between the first and last attempt.
I'm running spamd as below:

pfspamd_flags="-v -G7:4:864 -r451"

This tells me that after seven minutes, the next attempt should be
graylisted and handed to my mail server.

bewilderbeast~;grep gkn /var/log/maillog
bewilderbeast~;

Nothing.

bewilderbeast~;spamdb | grep gkn
bewilderbeast~;

Nothing again.

> I would give the initial database buildup a few hours at least.  If
> you're impatient and you have a few addresses which you consider
> 'known good', you could whitelist them using 
> 
>       # spamdb -a nnn.nnn.nnn.nnn

I'd rather avoid whitelisting manually, except perhaps my home IP,
until I know greylisting works on its own.

> see spamdb(8) for details.  I suppose that man page could do with a
> bit more text.

All of spamd could use some documentation, but that'll happen.  ;-)

> PS  My favorite quote about spamd and greylisting at the moment is this
>     recent message to openbsd-misc: 
>     http://marc.theaimsgroup.com/?l=openbsd-misc&m=116136841831550&w=2

That's what inspired me to try this.

Thanks for your help, it's nice to know I'm not missing anything
really obvious.

==ml 

-- 
Michael W. Lucas mwlucas@FreeBSD.org,mwlucas@BlackHelicopters.org
		http://www.BlackHelicopters.org/~mwlucas/
	    Latest book: PGP & GPG -- http://www.pgpandgpg.com
"The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur
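[Editor's added example, not code from the message above or from spamd itself.] The exchange turns on the timing rules behind spamd's -G passtime:greyexp:whiteexp argument: a (ip, sender, recipient) tuple is greylisted on first contact, a retry before passtime minutes stays grey, a retry at or after passtime whitelists it, and an entry not retried within greyexp hours is dropped. The script below replays spamd -v "(GREY)" log lines through those rules so one can check which tuples should have turned up in spamdb. The log lines are constructed in spamd -v format with documentation addresses; the first tuple's timings mirror the 11:33:59 / 11:41:50 pair from the message. The year 2006 is assumed (syslog lines carry none), and counting greyexp from first contact is a simplification of spamd's own database handling.

```python
# Added example: replay spamd -v "(GREY)" log lines through the greylisting
# timing rules configured by -G passtime:greyexp:whiteexp. Not spamd's code.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in spamd -v format (documentation IPs, invented
# addresses). The 192.0.2.10 timings mirror the 11:33:59 / 11:41:50 pair
# shown in the message; the other tuples exercise the early-retry and
# expired-entry cases.
SAMPLE_LOG = """\
Oct 26 11:33:59 mx spamd[4622]: (GREY) 192.0.2.10: <alice@example.com> -> <bob@example.net>
Oct 26 11:35:42 mx spamd[4622]: 192.0.2.10: From: "Alice" <alice@example.com>
Oct 26 11:35:42 mx spamd[4622]: 192.0.2.10: Body: hello
Oct 26 11:41:50 mx spamd[4622]: (GREY) 192.0.2.10: <alice@example.com> -> <bob@example.net>
Oct 26 11:43:33 mx spamd[4622]: 192.0.2.10: disconnected after 390 seconds.
Oct 26 11:18:31 mx spamd[4622]: (GREY) 198.51.100.7: <carol@example.org> -> <bob@example.net>
Oct 26 16:00:00 mx spamd[4622]: (GREY) 198.51.100.7: <carol@example.org> -> <bob@example.net>
Oct 26 12:00:00 mx spamd[4622]: (GREY) 203.0.113.5: <dave@example.com> -> <bob@example.net>
Oct 26 12:02:00 mx spamd[4622]: (GREY) 203.0.113.5: <dave@example.com> -> <bob@example.net>
Oct 26 12:30:00 mx spamd[4622]: (GREY) 203.0.113.5: <dave@example.com> -> <bob@example.net>
"""

# Only the "(GREY)" lines are greylist events; From:/To:/Body:/connected lines
# are the -v transcript of the stuttered SMTP dialogue and are skipped.
GREY_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ spamd\[\d+\]: "
    r"\(GREY\) (?P<ip>[\d.]+): <(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>$"
)


def parse_g_flag(value):
    """Parse the argument of spamd -G, 'passtime:greyexp:whiteexp'.
    Per spamd(8), passtime is in minutes, greyexp and whiteexp in hours."""
    passtime, greyexp, whiteexp = (int(x) for x in value.split(":"))
    return (timedelta(minutes=passtime), timedelta(hours=greyexp),
            timedelta(hours=whiteexp))


def parse_grey_lines(text, year=2006):
    """Return [(timestamp, (ip, sender, rcpt))] for every (GREY) line.
    Syslog lines carry no year; 2006 is assumed from the message date."""
    events = []
    for line in text.splitlines():
        m = GREY_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append((ts, (m["ip"], m["sender"], m["rcpt"])))
    return events


def simulate(events, passtime, greyexp):
    """Replay greylist events per (ip, sender, rcpt) tuple.

    Rules modelled: first contact greylists the tuple and sets its pass time
    to first + passtime; a retry before that stays grey; a retry at or after
    it whitelists the tuple; a retry later than first + greyexp finds the
    entry gone and starts over. Once whitelisted, further (GREY) lines for
    the tuple mean pf is still sending its connections to spamd, which is
    the symptom worth chasing. Returns {tuple: [verdict per attempt]}.
    Expiry measured from first contact is a simplification."""
    state = {}
    verdicts = defaultdict(list)
    for ts, key in sorted(events):
        st = state.get(key)
        if st is None or ts > st["expire"]:
            state[key] = {"pass": ts + passtime, "expire": ts + greyexp,
                          "white": False}
            verdicts[key].append("grey" if st is None
                                 else "grey (entry expired, restarted)")
        elif st["white"]:
            verdicts[key].append("seen by spamd although whitelisted")
        elif ts < st["pass"]:
            verdicts[key].append("grey (retry too early)")
        else:
            st["white"] = True
            verdicts[key].append("whitelisted")
    return dict(verdicts)


def report(text, g_flag="7:4:864"):
    """Run the replay with the -G value from the message's pfspamd_flags."""
    passtime, greyexp, _whiteexp = parse_g_flag(g_flag)
    return simulate(parse_grey_lines(text), passtime, greyexp)


if __name__ == "__main__":
    for key, attempts in report(SAMPLE_LOG).items():
        print(key, "->", attempts)
```

Applied to the message's own numbers, the second gkn attempt at 11:41:50 came 7m51s after the first (GREY) line, past the 7-minute passtime, so that tuple should have been whitelisted and visible in spamdb; an empty `spamdb | grep gkn` after that is the thing to investigate. Two caveats a reader should keep in mind: spamd does not proxy, so the attempt that whitelists a tuple still talks to spamd and gets the 451, and it is the following connection that pf hands to the real MTA; and being stuttered at is not by itself a sign of blacklisting, since spamd(8)'s -S option stutters greylisted connections too (10 seconds by default).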