Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Jan 2008 09:48:21 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        Heiko Wundram (Beenic) <wundram@beenic.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: OT: Greylisting and Yahoo Mailinglists
Message-ID:  <288C5238-D420-4E52-953F-20E532748CFD@mac.com>
In-Reply-To: <200801160823.48265.wundram@beenic.net>
References:  <200801151013.20051.wundram@beenic.net> <410A0115-E23C-4163-B46F-826F8DC9FCBA@mac.com> <200801160823.48265.wundram@beenic.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Jan 15, 2008, at 11:23 PM, Heiko Wundram (Beenic) wrote:
> Am Dienstag, 15. Januar 2008 19:08:39 schrieb Chuck Swiger:
>> You didn't mention which mailserver or greylist software you are
>> using, but the postgrey implementation (for use with Postfix) has  
>> this
>> in postgrey_whitelist_clients:
>>
>> # greylisting.org: Yahoo Groups servers (no retry)
>> scd.yahoo.com
>>
>> ...and you could choose to whitelist all of yahoo.com just as easily.
>
> I am using Postfix, but not postgrey, rather postfix-policyd, which  
> does
> whitelisting of hosts based on IPs of the connecter. postfix-policyd  
> comes
> with three blocks of IPs for the Yahoo Groups mailservers in the  
> default
> whitelist, but none of the IPs I mentioned in my original mail falls  
> into
> those groups.

OK.  I use policy-weightd also; it doesn't greylist entries precisely,  
but instead does RBL lookups and some checking of forward and reverse  
DNS lookups, and then caches those results for a while.  It will do a  
good job of rejecting people claiming to send mail from a Yahoo  
account if they do not use a mailserver in the yahoo.com domain:

Jan 16 03:21:52 <mail.info> pi postfix/smtpd[47289]: connect from  
unknown[201.210.144.157]
Jan 16 03:21:54 <mail.info> pi postfix/policyd-weight[4912]: decided  
action=450 temporarily blocked because of previous errors - retrying  
too fast. penalty: 30 seconds x 0 retries.; delay: 0s
Jan 16 03:21:54 <mail.info> pi postfix/smtpd[47289]: NOQUEUE: reject:  
RCPT from unknown[201.210.144.157]: 450 <bluefire@codefab.com>:  
Recipient address rejected: temporarily blocked because of previous  
errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<
tequila301@yahoo.com> to=<bluefire@codefab.com> proto=ESMTP  
helo=<dC9D2909D.dslam-13-9-34-06-2-02.alf.dsl.cantv.net>
Jan 16 03:21:55 <mail.info> pi postfix/smtpd[47289]: lost connection  
after DATA from unknown[201.210.144.157]

...but almost always, this is forged email being sent as spam to  
accounts which don't exist in my local domain, so it seems to be doing  
the right thing here.

> Sorry for underspecifying my requirements, but that's the reason I  
> was asking
> specifically. I knew about the postgrey whitelist entry you mentioned.

Right.  Well, if you have some sample log lines from a known legit  
sender which were being blocked, that would be helpful...

-- 
-Chuck




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?288C5238-D420-4E52-953F-20E532748CFD>