Topic: activating greylisting

[mark]

this seems to work ok
have I missed anything obviuos? (other than some people don't like greylisting:)

mkdir -p /usr/bin/config
chmod 777 /usr/bin/config
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/plugins/
echo greylisting black_timeout 60 > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/plugins/09greylisting

/sbin/e-smith/expand-template /var/service/qpsmtpd/config/plugins

cheers

Mark

[jvels]

hello

is this the way how to enable graylisting?

best regrads
Jesper Vels

[bjoyce]

Hi,

Yes this does enable greylisting.

I sent a test email for the first time after doing the above and it had a delay of 37 minutes
The 2nd email from the same user and mail server was recieved straight away.

The question I have is where do you put the white list for servers that are legitimate but dont retry? e.g telstra in Australia.

I believe the IP's for telstra's smtp servers are:-

144.140.82.138
144.140.82.142
144.140.82.153
144.140.82.155
144.140.82.181
144.140.82.183
144.140.82.194
144.140.83.154
144.140.83.156
144.140.83.182
144.140.83.195
144.140.92.138
144.140.92.153
144.140.92.155
144.140.92.181
144.140.92.183
144.140.93.154
144.140.93.156
144.140.93.182
144.140.93.195

[bjoyce]

Hi,
RayMitchell has the answer to how to get a email server on the whitelist

db spamassassin setprop wbl.global *@*vonage.com White *domain2.com White *domain3.com Black
(all on one line)

edited - of course followed by
expand-template /etc/mail/spamassassin/local.cf
svc -t /service/spamd

I added a previously unused email account to the white list and then sent a test email.  there was no delay.

Greylist seems to work well.  SME7admin graph showed an average of .7 spams per 5 minutes before the implementation now the last 6 hours the average of spam has dropped to .08.  a 90% reduction.

I'm impressed.

Brad[/img]

[chris burnat]

How to tweak the delayed period for first post? Could this be brought down say to 5 minutes?
I have been looking at milter-greylist and the response one receives for the first post is:
Remote_host_said:_451_4.7.1_Greylisting_in_action,_please_come_back_in_00:05:00/
Giving_up_on_84.16.68.xxx./

[bjoyce]

Im not absolutely positive but I think the time for the second email is totally dependant on the sending email server config which is obviously out of our hands.

Brad

[chris burnat]

"the time for the second email is totally dependant on the sending email server config which is obviously out of our hands. "

Agreed, how about the intial delay, first post?  Bringing it down fro soem 36 min as repported in this thread to say 5 minutes?

[william_syd]

this seems to work ok
have I missed anything obviuos? (other than some people don't like greylisting:)


chmod 777 /usr/bin/config

Is 777 a good idea ?

Could we just change ownership to qpsmtpd ?

Is a signal-event email-update required ?

[raem]

bjoyce

> RayMitchell has the answer to how to get a email server on the whitelist
> db spamassassin setprop wbl.global *@*vonage.com White

That command has nothing to do with greylisting.
That command adds White or Black list entries for the spamassassin spam filter, which will determine if a message is never identified as spam or always identified as spam.

The whitelist for greylisting is a totally different thing, a sender is whitelisted in order to bypass the greylisting delay time before accepting the message ie messages from a whitelisted sender are always accepted without being rejected the first time by the greylisting process.

I don't know where you set it in sme7.

[bjoyce]

="RayMitchell"]bjoyce

> RayMitchell has the answer to how to get a email server on the whitelist
> db spamassassin setprop wbl.global *@*vonage.com White

That command has nothing to do with greylisting.

I dont know why it works but it does, I sent a email from a new email account not recieved and the wait time is about 30 minutes, when whitelisted with your command I then sent from another new email and it is accepted immediatly

Brad

[raem]

bjoyce

> Greylist seems to work well.  
>... now the last 6 hours the average of spam has dropped to .08.  a 90% reduction.
> I'm impressed.

Greylisting does function as designed & will reduce spam to near zero, the problem is that not all mail servers function predictably. Unless you  monitor mail that you have not received (and how do you do that ?) you are going to loose messages. People will complain about you not replying to their email and that's when you discover you never received their message.
Unreliable (ie broken) mail servers will not necessarily retry and even send from a different server IP, therefore disrupting the greylisting delay function ie the second message gets delayed again as it is from a different server IP and so on for large email systems with many servers.

Mails servers have different retry periods (some in days), so there is no guarantee how quickly you will receive the second message (after the first rejection).
You can set the delay time as low as you like, but that's not going to change the retry time of a broken mail server (and there are quite a few of them out there).

You can & will need to monitor rejections and then monitor the subsequent acceptance (whenever that occurs), so you will be busy constantly going through email log files, and then maintaining extensive whitelists to work around problematic mail servers.

Good luck !

[bjoyce]

There is a list of "broken" email servers that comes with the milter greylist.
http://hcpnet.free.fr/milter-greylist/
I am using this on a school email server.  On the admin email list I have fellow colleges that have used greylisting effectivly and our recieved email is from a fairly limited user set.  This set of mail servers from Milter and adding bigpond mail servers, our biggest internet provider in australia who have "broken" email servers, he has had great success for about 6 months now and still recommends it.
The amount of spam I was getting was about 90% with SME 6 so I upgraded to SME 7 with improved results but still getting an anoying amout, 500 spam email in the last 10 weeks on my account alone, so needed to do something more.  Bayes filtering seemed to do nothing to improve the situation so now Im in to greylisting.

I can whitelist the milter list of email server and add bigpond and hopefully wont need to touch it again.

Regards Brad

[raem]

bjoyce

Greylisting will accept subsequent messages from the same sender immediately without delay (ie after the first rejection and the subsequent first acceptance within usually a 24 hour period).

The spamassassin plugin may be loaded/hooked into before the greylisting plugin, so if the sender is on the spam (junkmail) white list then the message is automatically accepted, before it is checked by the greylisting plugin.

I think you need to learn more about greylisting.

[raem]

bjoyce

>... our recieved email is from a fairly limited user set.  

In a situation like that, greylisting can be more manageable, as there are a limited set of servers that you receive from, and therefore a limited subset of servers to whitelist.

White listing does reduce the effectiveness of greylisting though.

What is your answer for those mail servers who do not retry for 2 or 3 days, I assume you are happy to wait that long for the email to arrive ?

[bjoyce]

bjoyce

I think you need to learn more about greylisting.

Where do you suggest I go to do that?

Brad