Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] [RFC] implementing taRgrey

2009-07-07 by Kouhei Sutou

Hi,

In <4A52878B.3030209@...>
  "Re: [milter-greylist] [RFC] implementing taRgrey" on Mon, 06 Jul 2009 19:23:55 -0400,
  Adam Katz <yegsa-yahoo@...> wrote:

> One important implementation note: if the connecting server drops the
> connection but then comes back later, the tarpit clock should have
> been counting from that first connection. (Otherwise, some
> noncompliant servers might never deliver mail.)

I want to rescue the servers by greylisting, not tarpitting.

> After reading a bit on S25C, I'm quite dubious. No concrete data on
> false-positives is presented and the whitelist is MASSIVE.

Yes. S25R has some false positives. We need a whitelist when
we use S25R.

We can use S25R with greylisting to maintain our whitelist
automatically.

Here is a configuration to use S25R in milter-greylist:

  extendedregex
  racl greylist domain /^\[.+\]$/ msg "S25R rule 0"
  racl greylist domain /^[^.]*[0-9][^0-9.]+[0-9].*\./ msg "S25R rule 1"
  racl greylist domain /^[^.]*[0-9][0-9][0-9][0-9][0-9]/ msg "S25R rule 2"
  racl greylist domain /^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]/ msg "S25R rule 3"
  racl greylist domain /^[^.]*[0-9]\.[^.]*[0-9]-[0-9]/ msg "S25R rule 4"
  racl greylist domain /^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\./ msg "S25R rule 5"
  racl greylist domain /^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]/ msg "S25R rule 6"



> I've
> implemented S25C in SpamAssassin with near-zero scores to see what
> kind of impact it would have on my servers, but I doubt it will prove
> useful (since SA fires after greylisting).

S25R detects most spam-bots, and greylisting also detects
(and rejects) most spam-bots. SpamAssassin will not
receive mails that can be detected by S25R.


> I suspect the "botnet" plugin for SpamAssassin is far more
> comprehensive, and I've already decided not to use it thanks to the
> fact that greylisting's main function is combating botnets. The same
> will probably go for S25R.

S25R is very lightweight because it uses only 7 regular
expressions. It seems to be a reasonable solution as the
first filter. We will use other comprehensive filters (that
may be heavier than S25R) for mails that have
passed the S25R (+ greylisting) check.


> Implementing S25R within milter-greylist once the tarpitting
> functionality is present should prove trivial, so I see no need to
> implement a "targrey" clause.

We don't need new code for S25R because we can use S25R
with the current milter-greylist, as I showed above. :-)


Thanks,
--
kou
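
The seven patterns from the configuration in the message, run against sample client names. This is an added example, not part of the original message or of milter-greylist. The host names are constructed, `s25r_rule` and `classify` are hypothetical helper names, and Python's `re` stands in for the extended regex matching, reporting the first rule that matches in the listed order.

```python
import re

# The seven patterns from the configuration in the message, in the same order.
S25R_RULES = [
    r"^\[.+\]$",                                    # rule 0: bracketed address
    r"^[^.]*[0-9][^0-9.]+[0-9].*\.",                # rule 1
    r"^[^.]*[0-9][0-9][0-9][0-9][0-9]",             # rule 2
    r"^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]",     # rule 3
    r"^[^.]*[0-9]\.[^.]*[0-9]-[0-9]",               # rule 4
    r"^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.",        # rule 5
    r"^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]",  # rule 6
]
COMPILED = [re.compile(p) for p in S25R_RULES]

# Constructed client names (documentation address ranges and example domains).
SAMPLES = [
    "[192.0.2.10]",
    "host-192-0-2-10.dyn.example.net",
    "pc12345.example.jp",
    "gw.203-0-113-7.example.ne.jp",
    "host1.pool2-3.example.net",
    "d7.c203.example.ad.jp",
    "dsl1234.isp.example",
    "mail.example.org",
    "smtp2.example.org",
    "mx1-out2.example.com",  # named like a mail server, still hits rule 1
]

def s25r_rule(client_name):
    """Return the number of the first matching S25R rule, or None."""
    for number, pattern in enumerate(COMPILED):
        if pattern.search(client_name):
            return number
    return None

def classify(names):
    """Map each client name to its matching rule number (None = no match)."""
    return {name: s25r_rule(name) for name in names}

if __name__ == "__main__":
    for name, rule in classify(SAMPLES).items():
        verdict = "no S25R match" if rule is None else f"greylist (S25R rule {rule})"
        print(f"{name:34} {verdict}")
```

The last sample shows the kind of false positive discussed in the thread: a name that looks like a mail server matches rule 1, which is why the rules feed `greylist` rather than an outright rejection.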
