Milter-greylist

It's a problem because Google IPs are white listed by default on my 
system, and it could cause a problem blacklisting a Google server.

I've received numerous messages over the last few days.  I've tried 
sending big cos like Google and Yahoo complaints about spam in the 
past.  They invariably send back denying the messages came from their 
servers.  The following is Google, isn't it?  I could be spacing it 
because it's early here in California.

smtp-out3.google.com (smtp-out3.google.com [216.239.45.15])

Thanks.

Mark Walker wrote:
>
> It's a problem because Google IPs are white listed by default on my
> system, and it could cause a problem blacklisting a Google server.
>
> I've received numerous messages over the last few days. I've tried
> sending big cos like Google and Yahoo complaints about spam in the
> past. They invariably send back denying the messages came from their
> servers. The following is Google, isn't it? I could be spacing it
> because it's early here in California.
>
> smtp-out3.google. com (smtp-out3.google. com [216.239.45. 15])
>
> Thanks.
>
Well, greylisting only stops smtps that don't follow the RFCs. Since 
Google will follow the retry it makes sense to have them in the 
whitelist. Just make sure you spam scam all mail from them like you 
would anyone else.

Thanks, I'll be diligent about notifying abuse and adding an SA rule. 

My users can get pretty uppity when messages are blocked, especially if 
they're entirely not work related, as GMail usually is.  A bit off 
topic, but it's fascinating how trust works.  My biggest spammers are 
now turning out to be Google and AOL users.  I would normally 
immediately blacklist spammer ips, but since they're big, I can't.  If 
someone's big, you're forced to trust them and accept their malice. 

Greg Troxel wrote:

> To address the problem, I'm inclined to add a SA rule that adds a few
> points for mail from gmail, hoping that real mail will BAYES_00 or user
> whitelist down and spam will get pushed up over threshold.  If I had
> more gmail correspondents I'd be less inclined to do this.
>

Mark Walker wrote:
>
> Thanks, I'll be diligent about notifying abuse and adding an SA rule.
>
> My users can get pretty uppity when messages are blocked, especially if
> they're entirely not work related, as GMail usually is. A bit off
> topic, but it's fascinating how trust works. My biggest spammers are
> now turning out to be Google and AOL users. I would normally
> immediately blacklist spammer ips, but since they're big, I can't. If
> someone's big, you're forced to trust them and accept their malice.
>
You don't have to trust them. Trust is always assuming someone or 
something is on the up and up. You don't have to trust gmail, you just 
can't 'execute' them. There is a difference between distrust, neutral, 
and trust.

Mark Walker <furface@...> wrote:

> My users can get pretty uppity when messages are blocked, especially if
> they're entirely not work related, as GMail usually is.  A bit off 
> topic, but it's fascinating how trust works.  My biggest spammers are
> now turning out to be Google and AOL users.  I would normally 
> immediately blacklist spammer ips, but since they're big, I can't.  If
> someone's big, you're forced to trust them and accept their malice. 

Well, you tend to block a sending IP or network when you think you will
block much more spam than legitimate messages. This explains the latest
spammer move: crack mail farms' CAPTCHA and send mail from the farms.

We end up with a stream of message from mail farms that mixes legitimate
and spam without any way of using the trust we could have to mail farms.

But maybe there is a solution. At least we have a minimal trust in mail
farms: we know they do not allow sender e-mail address usurpation. A
sender you know for being legitimate will not be used for spamming.

So perhaps a solution is to blacklist mail farms by default and have a
whitelist of known sender addresses. Either your user could supply the
list, or you could send an error message explaining we do not trust new
mail farm accounts, and let the sender sign up for your whitelist
through a web form (with yet another CAPTCHA!)

Alternatively, this could be done using greylisting:

racl greylist domain /gmail\.com/ delay 5d autowhite 1000d
       msg "we do not trust new gmail accounts, please retry later"

But that would require a per-ACL lazy greylisting, where the source IP
is replaced by a wildcard. Obviously there is something to invent.


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...