[colug-432] Emailing COLUG list

William Yang wyang at gcfn.net
Thu Oct 8 16:40:05 EDT 2009


There's been an interesting discussion about the efficacy of greylisting,
which is going on in the mailing list Emmanuel runs for milter-greylist.

I use greylisting, and have for about 4 years now (using milter-greylist,
as the COLUG list does -- I learned of it from Russ, in fact, if I remember
correctly!).

While greylisting really worked for me for a while, I found that -- at
least for my user base -- there's a kind of statistical plateau to the
process.  I think this is probably because there are different kinds of
spammers who generate their lists differently, and I speculate that
greylisting may only be effective against certain classes of spam sources.

I'm currently getting in excess of 90% delayed messages getting delivered
over the past 28 days, which makes me think that I may not be seeing much
benefit from milter-greylist anymore.

	-Bill

R P Herrold wrote:
> On Thu, 8 Oct 2009, Rob Stampfli wrote:
> 
>> I realize this is going to be unpopular because it involves work,
>> but it could be automated and I'm willing to provide the script
>> if you are willing:  Why not extract the membership lists from
>> your mailing lists and formulate a grey-milter exception for
>> these addresses?
> 
> Straightforward, and actually I do part of this monthly anyway 
> (dump all MM ML subscriber lists) so I can determine when a 
> desub happened with diff
> 
> The operative script is now at:
>  	http://www.colug.net/manifest-mailman.sh.txt
> that generates the raw material.
> 
> The target milter-greylist is >= milter-greylist-4.2.2-2orc 
> build on the project at:
>  	http://hcpnet.free.fr/milter-greylist/
> 
> with an ACL pass list in its config file like this:
> 
>  	racl list list "mailman-users" delay 0m autowhite 1d
> 
> The stanza it will reference will be:
> 
> # mailman start
> # List of users to exempt from greylisting
> list "mailman-users" rcpt {  \
>          user1@example.com \
>          user2@example.com \
>          user3@example.com \
> }
> # mailman end
> 
> I'll be adding it to an hourly cron, at first most likely. 
> We'll see if the load goes too high with lots of entries
> 
> Go for it -- if under a suitable FOSS license, I'll certainly 
> look at any suggestions
> 
> Obviously the markers are what I will auto-manage the 
> /etc/mail/greylist.conf file from -- I don't _think_ it has 
> 'include' capability ... yet
> 
> 
>> Yes, I know that the purist will blanch at the
>> suggestion because email addresses can be forged, but the reality
>> is that they hardly ever are forged for the purpose of sending
>> spam to lists.  (Yet!)
>>
>> Another alternative would be to simply whitelist the domain
>> "gmail.com".  I suppose it is conceivable that someone could
>> establish an rDNS record to impersonate gmail, but I'm also
>> fairly confident Google would make quick work of them if they
>> did.
> 
> not sure that I want that rDNS load for every piece of mail a 
> second time, and more importantly, I think that a domain based 
> 'lookup' on the last hop sender in the whitelisting does NOT 
> do that presently.  I think it rather does textual comparisons 
> on the From address's asserted domain.  I may be wrong.
> 
>> Sometimes it's easier to plow around the stumps.
> 
> perhaps -- running code will talk, of course.
> 
> - Russ herrold


-- 
William Yang
wyang at gcfn.net
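
The marker-managed stanza described in the quoted message, as an added example that is not part of the original thread and is not the script published at colug.net. The function names, the two file arguments and the address filter are assumptions; the filter is deliberately strict so that a subscriber-supplied string cannot inject configuration text.

```shell
#!/bin/sh
# Added example, not the script from the thread. CONF and ADDRS are
# assumptions: the greylist config path and a file with one subscriber
# address per line (e.g. a Mailman membership dump).

# Keep only plain addresses, lowercased and de-duplicated. Lines containing
# spaces, braces, quotes, '#' or backslashes are dropped, so a subscriber-
# controlled string cannot add or terminate configuration statements.
clean_addresses() {
    tr 'A-Z' 'a-z' < "$1" |
        grep -E '^[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$' |
        sort -u
}

# Print the stanza in the layout quoted in the thread.
build_stanza() {
    printf '%s\n' '# mailman start' \
        '# List of users to exempt from greylisting' \
        'list "mailman-users" rcpt {  \'
    clean_addresses "$1" | sed 's/^/         /; s/$/ \\/'
    printf '%s\n' '}' '# mailman end'
}

# update_conf CONF ADDRS
# Returns 2 if the markers are missing, repeated or out of order, and
# 3 if no valid address survives filtering (an empty dump must not wipe the list).
update_conf() {
    conf=$1 addrs=$2
    s=$(grep -n -x '# mailman start' "$conf" | cut -d: -f1)
    e=$(grep -n -x '# mailman end' "$conf" | cut -d: -f1)
    case "$s:$e" in *[!0-9:]*|:*|*:) return 2 ;; esac
    [ "$s" -lt "$e" ] || return 2
    [ -n "$(clean_addresses "$addrs")" ] || return 3
    # Build the new file beside the old one and rename it into place, so
    # the milter never reads a half-written config. mktemp creates it 0600;
    # restore the mode/owner the milter needs if that differs.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    {
        awk -v s="$s" 'NR < s' "$conf"
        build_stanza "$addrs"
        awk -v e="$e" 'NR > e' "$conf"
    } > "$tmp"
    if cmp -s "$tmp" "$conf"; then rm -f "$tmp"; return 0; fi
    mv "$tmp" "$conf"
}

if [ "$#" -eq 2 ]; then update_conf "$1" "$2"; fi
```

Everything outside the two marker lines is copied through unchanged, so the ACL line that references the list is left for the administrator to maintain by hand.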

