[Greylist-users] Whitelist entries and 4xx failure codes
-Note to implementors
Frank Bax
fbax at sympatico.ca
Tue Sep 28 07:51:24 PDT 2004
At 12:21 AM 9/28/04, Scott Nelson wrote:
>At 02:24 PM 9/27/04 -0400, Frank Bax wrote:
> >
> >I am using OpenBSD greylisting implementation that uses 450 by default, but
> >I can configure it to use 451. My ISP provides secondary MX support and
> >that machine does not implement greylisting at all. I am finding that a
> >significant volume of spam is arriving at mailboxes by using the secondary
> >MX. Am I likely to see a reduction in servers using secondary MX if I
> >switch from 450 to 451?
Since posting this, it looks like OpenBSD 3.5 does not allow me to change
the greylisting reply after all. The docs are not totally clear, but it
looks like (and limited testing appears to confirm) that the options to
change reply code only affect blacklisted ip addresses, and that
greylisting reply is hardcoded.
>Probably not.
>Some spammers process the MX queue in reverse order, and that's
>most likely what you're seeing.
Ah, that explains something I saw last night. Last week I moved a few
domains from an old box to the new OpenBSD system with greylisting. I had
setup the old box as third MX during the transition, so that it could still
relay some mail to new server until dns changes propagated. Last night I
noticed what appeared to be some kind of spam attack on the old server,
many invalid email addresses were being rejected in rapid succession. This
actually makes sense if they were processing MX in reverse order. Thanks.
The spam was actually getting through the second of three MX servers. I
should have been more clear on that point.
>You probably shouldn't be using a more lenient secondary MX.
>Do you really need a secondary? Mail retries by default...
I was already considering this move...
>Well, if you must, then a realtively easy trick is to create a final
>MX that points to a machine that always tempfails everything.
>(this catches a fair amount of spam, but it's all spam that would be
>caught by greylisting anyway)
>Or just list your primary first and last (highest and lowest priority).
If I could afford to install a second box at server park that temp fails
everything, I could just as easily make it my secondary MX - but I will try
1st and 3rd/last pointing to same box for a while to see what happens.
More information about the Greylist-users
mailing list