Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

rbl.ntua.gr - a dnsrbl for milter-greylist

2007-08-03 by pchristias

Hello everybody,

we have setup a DNSRBL to use in conjunction with milter-greylist in
our university's mail gateways. We didn't want to apply grey-listing
to every incoming connection since our users tend to consider email a
"real-time service" (no comment on that..).

Rbl.ntua.gr consists of two lists, grey.rbl.ntua.gr and white.rbl.ntua.gr.

Grey.rbl.ntua.gr contains two categories of networks:

a. ADSL address pools or other dynamic assigned IP addresses that
still have not found their way into lists like pbl.spamhouse.org or
dul.dnsbl.sorbs.net.

b. Address ranges from certain countries that unfortunately send much
more spam than legitimate email.

Entries are added based on spam, viruses or malware that arrive to our
mailboxes. The procedure is mostly manual. First, we verify that the
host on the other end is not a mail server. Then, we do some reverse
dns lookups and whois queries to find out if it is part of a network
that "qualifies" for one of the categories mentioned above. If so, the
whole address space as reported by whois is added to the list. We do
not have yet any official removal policy. Entries in this list return
127.0.0.11.

Currently grey.rbl.ntua.gr contains around 1755 networks or bit more
than 292 millions IP addresses in comparison to pbl.spamhaus.org that
contains around 335 millions IP addresses.

White.rbl.ntua.gr does what its name implies and currently contains a
few IP addresses. Entries in this list return 127.0.0.22.

Our current milter-greylist setup is:

   sm_macro "maybe_forged" "{client_resolve}" "FORGED"
   sm_macro "no_ptr" "{client_resolve}" "FAIL"

   dnsrbl "ntua greylist rbl"  rbl.ntua.gr 127.0.0.11
   dnsrbl "ntua whitelist rbl" rbl.ntua.gr 127.0.0.22

   # Greylisting policy:

   # 1. Whitelist NTUA network.
   acl whitelist addr 127.0.0.0/8
   acl whitelist addr ::1/128
   acl whitelist addr 147.102.0.0/16
   acl whitelist addr 2001:648:2000::/48

   # 2. Whitelist systems which are listed in rbl.ntua.gr whitelist.
   acl whitelist dnsrbl "ntua whitelist rbl"

   # 3. Greylist systems which are listed in rbl.ntua.gr greylist.
   acl greylist dnsrbl "ntua greylist rbl" delay 15m

   # 4. Greylist systems which do not have a valid PTR entry in DNS.
   acl greylist sm_macro "maybe_forged" delay 15m
   acl greylist sm_macro "no_ptr" delay 15m

   # 5. Whitelist everybody else.
   acl whitelist default

Feel free to try it, comment and send us feedback.

Regards,
Panagiotis

--
Panagiotis J. Christias    Network Management Center
p.christias@...    National Technical Univ. of Athens, GREECE

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.