hi,
I've been experimenting with blacklist and flushaddr using 2.1.12.
Here are some thoughts, in case someone is interested.
list "spam trap users" rcpt { trap1@... trap2@... trap3@... trap4@... }
acl blacklist list "spam trap users" flushaddr
(I've patched milter-greylist a little bit to have some stats and more
readable logs).
Aug 7 13:30:15 nexus milter-greylist: k77BU5m9001258: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <begin@...> to <addi@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:15 nexus sm-mta[1258]: k77BU5m9001258: Milter: to=<addi@...>, reject=451 4.7.1 Greylisting in action, please come back later
Aug 7 13:30:15 nexus sm-mta[1258]: k77BU5m9001258: akl178.internetdsl.tpnet.pl [83.17.15.178]: Possible SMTP RCPT flood, throttling.
Aug 7 13:30:15 nexus milter-greylist: k77BU5tN001259: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <alex@...> to <jef@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:15 nexus sm-mta[1259]: k77BU5tN001259: Milter: to=<jef@...>, reject=451 4.7.1 Greylisting in action, please come back later
Aug 7 13:30:15 nexus sm-mta[1259]: k77BU5tN001259: akl178.internetdsl.tpnet.pl [83.17.15.178]: Possible SMTP RCPT flood, throttling.
Aug 7 13:30:15 nexus sm-mta[1437]: k77BUFWO001437: rejecting commands from [86.108.81.7] [86.108.81.7] due to pre-greeting traffic
Aug 7 13:30:16 nexus milter-greylist: (local): addr 83.17.15.178 flushed, removed 1 grey and 0 autowhite
Aug 7 13:30:16 nexus milter-greylist: k77BU5m9001258: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <begin@...> to <trap1@...> blacklisted (ACL 200)
Aug 7 13:30:16 nexus sm-mta[1258]: k77BU5m9001258: Milter: to=<trap1@...>, reject=551 5.7.1 Go away!
Aug 7 13:30:16 nexus milter-greylist: (local): addr 83.17.15.178 flushed, removed 0 grey and 0 autowhite
Aug 7 13:30:16 nexus milter-greylist: k77BU5tN001259: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <alex@...> to <trap2@...> blacklisted (ACL 200)
Aug 7 13:30:16 nexus sm-mta[1259]: k77BU5tN001259: Milter: to=<trap2@...>, reject=551 5.7.1 Go away!
Aug 7 13:30:17 nexus milter-greylist: (local): addr 83.17.15.178 flushed, removed 0 grey and 0 autowhite
Aug 7 13:30:17 nexus milter-greylist: k77BU5tN001259: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <alex@...> to <trap4@...> blacklisted (ACL 200)
Aug 7 13:30:17 nexus sm-mta[1259]: k77BU5tN001259: Milter: to=<trap4@...>, reject=551 5.7.1 Go away!
Aug 7 13:30:19 nexus milter-greylist: k77BU5m9001258: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <begin@...> to <foo.orgpyro@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:19 nexus sm-mta[1258]: k77BU5m9001258: Milter: to=<foo.orgpyro@...>, reject=451 4.7.1 Greylisting in action, please come back later
Aug 7 13:30:19 nexus milter-greylist: k77BU5tN001259: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <alex@...> to <baz@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:19 nexus sm-mta[1259]: k77BU5tN001259: Milter: to=<baz@...>, reject=451 4.7.1 Greylisting in action, please come back later
Aug 7 13:30:20 nexus milter-greylist: (local): addr 83.17.15.178 flushed, removed 1 grey and 0 autowhite
Aug 7 13:30:20 nexus milter-greylist: k77BU5tN001259: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <alex@...> to <trap3@...> blacklisted (ACL 200)
Aug 7 13:30:20 nexus sm-mta[1259]: k77BU5tN001259: Milter: to=<trap3@...>, reject=551 5.7.1 Go away!
Aug 7 13:30:20 nexus milter-greylist: k77BU5m9001258: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <begin@...> to <foo.orgtrap2@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:20 nexus sm-mta[1258]: k77BU5m9001258: Milter: to=<foo.orgtrap2@...>, reject=451 4.7.1 Greylisting in action, please come back later
Aug 7 13:30:21 nexus milter-greylist: k77BU5tN001259: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <alex@...> to <bar@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:21 nexus sm-mta[1259]: k77BU5tN001259: Milter: to=<bar@...>, reject=451 4.7.1 Greylisting in action, please come back later
.... 380+ hits from that ip later ...
Aug 7 13:41:40 nexus milter-greylist: k77BfZxb001925: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <blinka666@...> to <bar-bounces@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:41:40 nexus sm-mta[1925]: k77BfZxb001925: Milter: to=<bar-bounces@...>, reject=451 4.7.1 Greylisting in action, please come back later
Aug 7 13:41:40 nexus sm-mta[1925]: k77BfZxb001925: lost input channel from akl178.internetdsl.tpnet.pl [83.17.15.178] to Daemon0 after data
Aug 7 13:41:40 nexus sm-mta[1925]: k77BfZxb001925: from=<blinka666@...>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=akl178.internetdsl.tpnet.pl [83.17.15.178]
Aug 7 13:41:53 nexus milter-greylist: k77BflMm001933: addr akl178.internetdsl.tpnet.pl[83.17.15.178] from <admin@...> to <bar-bounces@...> delayed for 00:05:00 (ACL 212)
Aug 7 13:41:53 nexus sm-mta[1933]: k77BflMm001933: Milter: to=<bar-bounces@...>, reject=451 4.7.1 Greylisting in action, please come back later
Aug 7 13:41:53 nexus sm-mta[1933]: k77BflMm001933: lost input channel from akl178.internetdsl.tpnet.pl [83.17.15.178] to Daemon0 after data
Aug 7 13:41:53 nexus sm-mta[1933]: k77BflMm001933: from=<admin@...>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=Daemon0, relay=akl178.internetdsl.tpnet.pl [83.17.15.178]
Strangely, I ended up with 15 grey entries in greylist.db for 83.17.15.178 while I should have only 1 or 2.
It seems that the list of rcpt changes as the blacklisted rcpt disappeared, while it remains
constant with only greylist (no blacklist).
That's not good as the spam traps become useless. Not sure if those spam tools
are that smart. BTW, I've changed my conf to:
acl blacklist list "spam trap users" code "451" ecode "4.7.1" msg "Greylisting in action, please come back later" flushaddr
It now reports blacklist as greylist, hiding the spamtraps but still flushing the bad ips from the db.
Let's see if that helps.
/Fabien
blacklist
2006-08-07 by Fabien Tassin
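
A log tally for the effect described in the post, as an added example that is not part of the original message: it parses the patched milter-greylist log format shown above and, per client IP, counts delays, spam-trap hits and flushes, and estimates the grey tuples recorded since the last flush. The sample lines and the name `summarize` are constructed for illustration; treating each distinct sender/recipient pair delayed after a flush as one remaining grey entry is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the patched log format shown in the post
# (192.0.2.10 is a documentation address, not a value from the post).
SAMPLE = """\
Aug 7 13:30:15 mx milter-greylist: q1: addr host.example[192.0.2.10] from <a@example.net> to <u1@example.org> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:16 mx milter-greylist: (local): addr 192.0.2.10 flushed, removed 1 grey and 0 autowhite
Aug 7 13:30:16 mx milter-greylist: q1: addr host.example[192.0.2.10] from <a@example.net> to <trap1@example.org> blacklisted (ACL 200)
Aug 7 13:30:19 mx milter-greylist: q1: addr host.example[192.0.2.10] from <a@example.net> to <u2@example.org> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:19 mx milter-greylist: q2: addr host.example[192.0.2.10] from <b@example.net> to <u3@example.org> delayed for 00:05:00 (ACL 212)
Aug 7 13:30:20 mx milter-greylist: q2: addr host.example[192.0.2.10] from <b@example.net> to <u3@example.org> delayed for 00:05:00 (ACL 212)
"""

EVENT = re.compile(
    r"milter-greylist: \S+ addr \S*\[(?P<ip>[0-9a-fA-F.:]+)\] "
    r"from <(?P<frm>[^>]*)> to <(?P<rcpt>[^>]*)> (?P<verb>delayed|blacklisted)")
FLUSH = re.compile(
    r"milter-greylist: \(local\): addr (?P<ip>\S+) flushed, removed (?P<grey>\d+) grey")

def summarize(lines):
    """Per client IP: hit counts plus tuples greylisted since the last flush."""
    stats = defaultdict(lambda: {"delayed": 0, "blacklisted": 0, "flushes": 0,
                                 "grey_removed": 0, "traps": set(),
                                 "pending": set()})
    for line in lines:
        m = FLUSH.search(line)
        if m:
            s = stats[m["ip"]]
            s["flushes"] += 1
            s["grey_removed"] += int(m["grey"])
            s["pending"].clear()   # flushaddr drops every entry for this IP
            continue
        m = EVENT.search(line)
        if not m:
            continue               # sm-mta and unrelated lines
        s = stats[m["ip"]]
        if m["verb"] == "delayed":
            s["delayed"] += 1
            s["pending"].add((m["frm"].lower(), m["rcpt"].lower()))
        else:
            s["blacklisted"] += 1
            s["traps"].add(m["rcpt"].lower())
    return dict(stats)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE.splitlines()).items():
        print(ip, s["delayed"], "delayed,", s["blacklisted"], "blacklisted,",
              len(s["pending"]), "grey tuples since last flush")
```

Comparing the `pending` count with the number of entries for the same address in greylist.db shows whether entries are piling up between trap hits, which is the situation the post reports.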