Yahoo Groups archive

Milter-greylist

Default whitelisting due to SPF passes spam

2016-02-11 by Bob Friesenhahn

For as long as I have used it, milter-greylist has a policy to 
whitelist mail passing SPF tests by default.   I am finding that most 
successful spam passed the SPF tests.  It is not particularly 
difficult for a dedicated spammer to obtain supportive DNS records.

It seems best for DNS black lists to be applied prior to using any 
results from SPF tests.

Can anyone post or point me to a good working example of a 
greylist.conf which considers DNS black lists prior to using results 
of SPF tests?

Thanks,

Bob
-- 
Bob Friesenhahn
bfriesen@..., http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Re: [milter-greylist] Default whitelisting due to SPF passes spam

2016-02-11 by manu@...

Bob Friesenhahn bfriesen@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> For as long as I have used it, milter-greylist has a policy to 
> whitelist mail passing SPF tests by default. 

I blacklist spf self, that is when the spammer's SPF record validates
for my own machine.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] Default whitelisting due to SPF passes spam

2016-02-11 by Bob Friesenhahn

On Thu, 11 Feb 2016, manu@... [milter-greylist] wrote:

> Bob Friesenhahn bfriesen@... [milter-greylist]
> <milter-greylist@yahoogroups.com> wrote:
>
>> For as long as I have used it, milter-greylist has a policy to
>> whitelist mail passing SPF tests by default.
>
> I blacklist spf self, that is when the spammer's SPF record validates
> for my own machine.

Is this a common ploy?

Regardless, it is good that SPF can be used to decide if the mail is 
sent from a correct IP address (according to someone else) but 
whitelisting by default does not seem like a good strategy.  Instead 
the IP should be checked against blacklists and only after passing 
those tests should it be whitelisted due to passing SPF checks.

It may be that I am not properly understanding the algorithm that 
milter-greylist is using.

Bob
-- 
Bob Friesenhahn
bfriesen@..., http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Re: [milter-greylist] Default whitelisting due to SPF passes spam

2016-02-11 by Bob Friesenhahn

It seems that my question is a duplicate of a discussion on this list 
(mostly by Jim Klimov) in 2013.  I found that discussion at

   http://comments.gmane.org/gmane.mail.sendmail.milter.greylist/3315

It would be good if milter-greylist's sample greylist.conf file 
included examples which reduce "SPF spam" similar to those posted in 
the above discussion thread.  Automatically whitelisting messages just 
because they passed a SPF test is not reliable any more since the 
spammers seem to have caught up by now.

Bob
-- 
Bob Friesenhahn
bfriesen@..., http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Re: [milter-greylist] Default whitelisting due to SPF passes spam

2016-02-12 by manu@...

Bob Friesenhahn bfriesen@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> > I blacklist spf self, that is when the spammer's SPF record validates
> > for my own machine.
> 
> Is this a common ploy?

Yes: if you operate a botnet, the most practical way of setting up an
always positive SPF record is to make it wide open. And in that case it
also matches your own server IP, hence the blacklist spf self trick.

I do not think SPF whitelisting makes sense. On the other hand,
blacklisting hosts failing SPF, or matching spf self, does catch some
spam.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
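
The "spf self" test and the DNSBL-before-SPF ordering discussed in this thread, as an added Python sketch; it is not part of the original posts and is not milter-greylist's code. The evaluator handles only the `all`, `ip4` and `ip6` mechanisms, the DNSBL result is passed in as a boolean, and all addresses and records are constructed from documentation ranges.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, ip):
    """Evaluate the all/ip4/ip6 mechanisms of an SPF record against ip.

    Simplification: mechanisms that need DNS (include, a, mx, exists, ptr)
    and modifiers such as redirect= are skipped, not resolved.
    """
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                continue                     # malformed network: skip the term
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
    return "neutral"

def decide(record, client_ip, own_ip, dnsbl_listed):
    """Order of checks: DNSBL first, then spf self, then SPF fail.

    An SPF pass is never used to whitelist; the message is greylisted.
    """
    if dnsbl_listed:
        return "blacklist: dnsbl"
    if spf_result(record, own_ip) == "pass":
        return "blacklist: spf self"         # record also authorizes our own server
    if spf_result(record, client_ip) == "fail":
        return "blacklist: spf fail"
    return "greylist"

OWN_IP = "198.51.100.25"                     # constructed: the receiving server
if __name__ == "__main__":
    for rec in ("v=spf1 +all", "v=spf1 ip4:0.0.0.0/0 -all",
                "v=spf1 ip4:192.0.2.0/24 -all"):
        print(rec, "->", decide(rec, "192.0.2.10", OWN_IP, False))
```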

Re: [milter-greylist] Default whitelisting due to SPF passes spam

2016-02-12 by manu@...

Bob Friesenhahn bfriesen@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> 
> It would be good if milter-greylist's sample greylist.conf file 
> included examples which reduce "SPF spam" similar to those posted in 
> the above discussion thread.  

Please post a patch!

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
