[Greylist-users] Up and running on the real server - and I have some questions

Wayne Walker wwalker at bybent.com
Wed Feb 15 09:55:57 PST 2006

On Wed, Feb 15, 2006 at 11:39:00AM -0600, Dennis Wynne wrote:
> I put the new anti-SPAM server in front of the real server yesterday 
> afternoon and things (to me) are humming right along.  One thing I noticed 
> is the SPAMmers don't pick up on the change to the MX records and keep 
> sending a good bit to the old server - while legit servers quickly started 
> using the new server.  In a few days if this keeps up I will just block all 
> outside connections to the old server. Between the time I changed the MX 
> records and this morning I got about 20 SPAMs (a really low count for me) 
> and NONE - ZERO - of them came through the new server.
> I am getting some push-back from some of the users so I have some questions.
> 1) What timeout period does everyone use?  Anyone done a study about the 
> various times?  If SPAMmers "never" retry then 5 minutes would be long 
> enough. Do you block more SPAM setting it to around an hour than you do 
> setting it for 5 minutes?  Seems like if a SPAM box does any retries at all 
> it will get through and all you are doing is just delaying legit mail.
I use 2 minutes on one server and 3 on the other.  Doesn't seem to let
any more spam through when it was switched from the original default
(20? 58??) a long time ago.

> 2) I block all un-known users before relaydelay sees them, so the only "to:" 
> addresses that get looked up and inserted in MySQL are legit users.  Any 
> thoughts to changing the scripts to run not against the triplet of from:, 
> to:, and IP to just from: and IP?  This makes sense to me, since if I 
> routinely accept messages from bob at domain.com and I ask him to e-mail a 
> co-worker I would think it would be OK for bob's mail to go through w/o a 
> delay. Ditto for things like CNN news e-mails. Once one of them to any user 
> has been accepted, no need to delay the others if they are all from the same 
> IP - is there?  Anyone done this and can share the changes?

I've thought of this before too, but this will fail.  If a spammer sends to Bob
at noon then to Phil at 12:15, then we approve the spammer because
without the triplet, it looks like the spammer is a real MTA retrying.

> 3) Does anyone use a bypass method when an e-mail just "has to get through" 
> ?  Say a customer has a mail server that never retries, or does not retry 
> for 4 hours and I NEED to let an e-mail though.  Should I configure a 
> non-published username that I could let bypass relaydelay and have the mail 
> get through?  I know some systems have a "password" you can put in the 
> subject line to bypass their SPAM filters - but that would not work with the 
> greylist.
I assume you are using relaydelay?  Get xlist.pl (in CVS for relaydelay
but not in the tar.gz last time I looked).  Then:

xlist.pl white ip 2.3.4 # if that were say, sw airlines who have broken MTAs...

xlist.pl white to mary@foo.com # because Mary likes spam, can't afford
                               # any delayed emails, or just pissed you off


Wayne Walker

www.unwiredbuyer.com - when you just can't be by the computer

wwalker at bybent.com                    Do you use Linux?!
http://www.bybent.com                 Get Counted!  http://counter.li.org/
Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
IRC:     wwalker on freenode.net
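
Added example (not part of the original message and not relaydelay's code): a simplified greylist model in Python that replays the noon / 12:15 case from the reply to question 2 under both keying schemes, triplet (IP, from, to) and pair (IP, from). The class and function names, the addresses and IPs, and the 180-second delay are assumptions made for illustration.

```python
# Simplified greylist model (added illustration, not relaydelay's code).
# All addresses, IPs and times below are constructed sample data.
MIN_DELAY = 180  # seconds; assumed value in the 2-3 minute range from the reply


class Greylist:
    def __init__(self, use_rcpt=True, min_delay=MIN_DELAY):
        self.use_rcpt = use_rcpt      # True: (ip, from, to); False: (ip, from)
        self.min_delay = min_delay
        self.first_seen = {}          # key -> time of first delivery attempt

    def _key(self, ip, mail_from, rcpt_to):
        sender = mail_from.lower()
        if self.use_rcpt:
            return (ip, sender, rcpt_to.lower())
        return (ip, sender)

    def check(self, ip, mail_from, rcpt_to, now):
        """Return 'tempfail' (4xx, try later) or 'accept' for one attempt."""
        key = self._key(ip, mail_from, rcpt_to)
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_delay:
            return "accept"
        return "tempfail"


def replay(attempts, use_rcpt):
    """Feed (time, ip, from, to) attempts to a fresh greylist, in order."""
    gl = Greylist(use_rcpt=use_rcpt)
    return [gl.check(ip, frm, to, now) for now, ip, frm, to in attempts]


# Constructed traffic: a sender that never retries, mailing two users
# 15 minutes apart (the noon / 12:15 case from the reply).
NO_RETRY_SENDER = [
    (0,   "192.0.2.10", "promo@bulk.example", "bob@corp.example"),
    (900, "192.0.2.10", "promo@bulk.example", "phil@corp.example"),
]
# Constructed traffic: a real MTA retrying the same message after 10 minutes.
RETRYING_MTA = [
    (0,   "198.51.100.7", "alice@partner.example", "bob@corp.example"),
    (600, "198.51.100.7", "alice@partner.example", "bob@corp.example"),
]

if __name__ == "__main__":
    for name, traffic in (("no-retry", NO_RETRY_SENDER), ("retrying", RETRYING_MTA)):
        print(name, "triplet:", replay(traffic, True), "pair:", replay(traffic, False))
```

With the triplet key both no-retry attempts are deferred; with the pair key the second attempt is treated as a retry of the first and accepted, while the retrying MTA is accepted on its retry under either scheme.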
