Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] greytrapping

2007-08-22 by Edux

Matthieu Herrb wrote:
> Hi,
>
> I seem to remember that I've heard Emmanuel talk about implementing 
> greytrapping, but I've not seen it discussed here. I've tried to 
> implement that in mimedefang, but there are some drawbacks that could 
> be avoided by using milter-greylist for that.
>
> There are at least two ways to trap spammer IPs:
>
> o messages sent to e-mail addresses that never existed (and will never 
> exist) in the destination domain.
>  An amazingly common case is spam received to e-mail addresses that 
> are in fact message-ids of usenet posts where XEmacs/GNUS was used, you 
> get messages addressed to things like "wzizo1at5ti.fsf@...". The 
> IP of this sender can be sent to an acl to be blocked for an extended 
> delay...
>
> o messages sent to the lowest priority MX of a site when a higher 
> priority MX is alive. One trick to detect that is to assign 2 IP 
> addresses to your main MX and to declare the second one as another MX 
> for your domain(s) with a very low priority. Now when a tuple arrives 
> at this IP and has not been seen by milter-greylist before (using the 
> lazywaw or the subnetmatch feature if needed), it's for sure something 
> that violates the RFC and deserves to wait longer (or get rejected 
> directly).
>
> I think those 2 kinds of trap are pretty easy to implement, and I'm 
> willing to try to give them a shot, unless someone else beats me or 
> finds this really stupid and useless.
>
For the first case I thought of a different solution. I'm using MScanner 
and to do some statistics I use Vispan. Vispan 3.0.0 includes a 
"heuristic" engine that identifies IPs that send spam (watching the 
maillog); to avoid false positives it counts the amount of spam that an IP 
sends. All these IPs are stored in a txt file, generally /tmp/rblfile.txt.

If you use milter-greylist you can compile with --enable-dnsrbl to 
enable ACLs with RBL verification.

The next step is to set up rbldnsd locally to read rblfile.txt. When the 
RBL is ok, you can set an ACL to delay the email longer if the IP of 
the sender is in your blacklist.

It's possible to extend this: I have 4 servers collecting IPs to a single 
RBL server (while processing real traffic) and I have 44000 IPs in the 
blacklist. The problem is that I cannot enable dnsrbl on greylisting.

Did someone enable it on the new beta?

Regards.
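As an added example (not code from this post, nor from milter-greylist, Vispan or rbldnsd), a POSIX shell script that turns a collector's IP list like the rblfile.txt above into an rbldnsd ip4set zone and prints the milter-greylist ACL lines that would consult it; the zone name local.rbl, the ACL name "localtrap", the port 5353 and the delays are assumptions.

```shell
# Added example, not from the post: turn an IP list such as Vispan's
# /tmp/rblfile.txt into an rbldnsd "ip4set" zone, and print the
# milter-greylist ACL lines that consult it. The zone name "local.rbl",
# the port 5353 and the delays are assumptions.
# Constructed sample of a collector's output: one entry per line, with
# a comment and a malformed line mixed in.
SAMPLE_IPS='192.0.2.10
# collected 2007-08-22
198.51.100.7
not-an-ip
203.0.113.0/24'
# Accept only a dotted-quad IPv4 address or an IPv4 CIDR block; anything
# else would make rbldnsd reject the zone or list an unintended range.
valid_ip4() {
  addr=${1%%/*}
  if [ "$addr" != "$1" ]; then
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
  fi
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  n=0; oldifs=$IFS; IFS=.
  for octet in $addr; do
    n=$((n + 1))
    [ "$octet" -le 255 ] || { IFS=$oldifs; return 1; }
  done
  IFS=$oldifs
  [ "$n" -eq 4 ]
}
# Emit the zone; the leading ":127.0.0.2:text" line is rbldnsd's default
# A record and TXT answer for every entry that follows.
make_zone() {
  printf ':127.0.0.2:Listed by local spam trap\n'
  printf '%s\n' "$1" | while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; esac
    if valid_ip4 "$line"; then printf '%s\n' "$line"; fi
  done
}
# milter-greylist side (built with --enable-dnsrbl; the resolver must hand
# local.rbl to rbldnsd, e.g. rbldnsd -b 127.0.0.1/5353
# local.rbl:ip4set:/tmp/rblfile.zone). Listed senders wait 4h, not 30m.
greylist_acl() {
  cat <<'EOF'
dnsrbl "localtrap" local.rbl 127.0.0.2
racl greylist dnsrbl "localtrap" delay 4h
racl greylist default delay 30m
EOF
}
make_zone "$SAMPLE_IPS"
greylist_acl
```

Redirect make_zone's output to the zone file rbldnsd serves and reload it each time the collectors publish a new list.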
