Well I was going to say that on my system the unknown user rejection comes before greylisting. However, I remembered that the greylisting is on the hubs that have no local users. The unknown users are rejected via a milter that sits in front of the greylist milter.

I also believe that anything in the access.db will be rejected prior to the greylist milter, so if there's a bunch of unknown users you see over and over you can load them in the access file to reject them before greylisting. I know that's really a pain, and on the dictionary attacks I have experienced there are only a few emails from and/or to the same email address then the attack moves on to another, the server IP also changes every 10-25 emails as well so it's pretty much impossible to block by hand.

I have several domains that have been under this type of attack for almost a year. Every day the same domains get the dictionary run against them. One thing I did on the worst domains is: since I have several hubs set up as backup MX receivers, I created one (the lowest level MX) that only captures the email and doesn't pass it on to the end user email server. It has a fairly long hello delay also. Only a very few real emails go to this machine but most of the dictionary attacks do. Most of the dictionary attacks don't wait for the really long hello delay, so very little email actually gets captured.

Every so often I would review what was captured and send on anything that looked important. So little email was real that I have stopped doing that and have a cron job that deletes any email older than a certain number of days old (just in case someone says they're missing some email, I can look before it's deleted). No complaints so far. It took a good load off the main real working hubs.

I know your pain.

Dennis

Matt Kettler wrote:
> Emmanuel Dreyfus wrote:
>
>>On Wed, Oct 12, 2005 at 05:11:05PM -0400, Matt Kettler wrote:
>>
>>>Yes, but that's not how milter-greylist works.. at least, not on my system.
>>>
>>>For me, the greylist check happens before the recipient is validated, thus I
>>>constantly see greylisting going on for nonexistent users:
>>
>>I assume you cannot configure sendmail to reject mail sent to nonexistent
>>users. Maybe milter-rcptfilter can fix your problem? You feed it with the
>>list of the valid addresses and it will reject everything else.
>
> My sendmail *does* reject nonexistent senders, and always has. Re-read my
> message. The rejection happens *AFTER* the greylist runs.

Message
Re: [milter-greylist] milter-greylist using large amounts of virtual memory
2005-10-12 by Dennis Willson
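
The access-file approach mentioned in the message, as an added example that is not part of the original post: it counts recipients that sendmail repeatedly logged as "User unknown" and emits access-file lines for them instead of entering them by hand. The log line shape, the `To:` / `REJECT` entry form (which assumes sendmail's `blacklist_recipients` feature is enabled), the function names and the sample log are assumptions made for this illustration.

```python
import re
from collections import Counter

# Assumed sendmail log shape for a rejected recipient:
#   ... sendmail[pid]: queueid: <rcpt@domain>... User unknown
UNKNOWN_RE = re.compile(
    r"sendmail\[\d+\]: \w+: <([^<>\s]+@[^<>\s]+)>\.\.\. User unknown"
)

# Constructed sample log (example.com addresses, documentation IP only).
SAMPLE_LOG = """\
Oct 12 17:11:05 hub1 sendmail[4101]: j9CLB5aa004101: <sales1@example.com>... User unknown
Oct 12 17:11:09 hub1 sendmail[4102]: j9CLB9ab004102: <Sales1@Example.com>... User unknown
Oct 12 17:12:40 hub1 sendmail[4107]: j9CLCeac004107: <bob77@example.com>... User unknown
Oct 12 17:13:02 hub1 sendmail[4110]: j9CLD2ad004110: from=<x@example.net>, size=0, nrcpts=0, relay=[192.0.2.10]
Oct 13 03:00:12 hub1 sendmail[5203]: j9D70Cae005203: <sales1@example.com>... User unknown
Oct 13 03:00:15 hub1 sendmail[5204]: j9D70Faf005204: <info@example.com>... User unknown
Oct 13 03:00:19 hub1 sendmail[5205]: j9D70Jag005205: <info@example.com>... User unknown
"""


def repeated_unknown(log_text, min_hits=2, valid=()):
    """Return sorted (address, hits) pairs rejected at least min_hits times.

    Addresses are counted case-insensitively. `valid` lists mailboxes that
    must never be blocked, e.g. one created after the log was written.
    """
    valid_set = {v.lower() for v in valid}
    hits = Counter(m.group(1).lower() for m in UNKNOWN_RE.finditer(log_text))
    return sorted(
        (addr, n) for addr, n in hits.items()
        if n >= min_hits and addr not in valid_set
    )


def access_entries(pairs):
    """Format (address, hits) pairs as tab-separated access-file lines."""
    return [f"To:{addr}\tREJECT" for addr, _ in pairs]


if __name__ == "__main__":
    # One-off addresses (bob77) stay out; only repeat targets are listed.
    for line in access_entries(repeated_unknown(SAMPLE_LOG)):
        print(line)
```

The output still has to be reviewed, merged into the access file and rebuilt into access.db before sendmail uses it.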