[Mdlug] Test message

Raymond McLaughlin driveray at ameritech.net
Thu Sep 28 18:35:23 EDT 2006


Rich Clark <rrclark at rrclark.net> wrote:

> Postgrey greylisting
> 
>  	A sending host will connect to port 25 of our machine, which is 
> handled by postfix.  Postfix then compares the message to our internal 
> access list and also checks it against the spamhaus.org XBL/SBL combined 
> list.

A cached local copy, or is spamhaus contacted each time?

Is there a local whitelist as well?

This first step is part of the configuration of postfix itself, not another
program?

Are any added modules, or I guess a servlet needed? Part of the standard package?

>  If it passes those checks, it's then passed to postgrey.  If it's a 
> message that has not been seen before, it is temporarily delayed for 300 
> seconds with a 450 smtp response to the sending server.

If it's a message that has not been seen before == Is not identical to a
previous message. From what you say below the message hasn't been sent
(deferred delivery) so it's just the header then?

300 seconds is 5 minutes. That's going to slow down a lot of conversations. The
current server is almost IM like at times.

> All MTA software 
> knows to defer delivery on receipt of a 450 code.  Spamware, however, 
> won't bother to resend as it is too wasteful of the spammer's resources. 
> It just moves on to the next address on the list.  I've seen most MTA 
> software retry several times before the postgrey timeout expires, though 
> I'm not certain if it will reject messages after too many retries before 
> the timeout expires.  I'll have to reread up on whether it has that 
> capability.  There's another rate-limiting feature in postfix that I'll 
> detail further on in this explanation.


> Postfix/amavisd-new/spamassassin/clamav filtering.
> 
>  	Once the greylisted message has passed the 300 second greylist 
> timeout, it's passed through to postfix. 

So it's postfix to postgrey and back to postfix?

> Postfix then passes the message 
> to amavisd-new, which runs checks against spamassassin and clamav. 
> Spamassassin is set to tag-only; clamav will toss anything that it finds 
> with a virus to a quarantine directory.  The mail that passes these tests 
> is then returned to postfix for final delivery.

And finally postfix to postgrey and back to postfix, then to clamav and
spamassassin and finally back to postfix? Just so I'm following.

>  	While setting this all up, I noted a new feature in postfix 2.2 
> that I'd not seen in earlier releases, a servlet called anvil, which 
> rate-limits incoming messages.  Anvil will be useful to me at home as I'm 
> still getting little mailbombs from some spammer or two that I've pissed 
> off over the years.  I'll rate limit down to 30 connections and/or 30 
> messages per minute 

Is this limit per IP address, or keyed to some other identifier?

> and simply drop connection on him.  I don't think 
> those kinds of limits for the LUG server would be a bad idea, either, so 
> it's in place there already.

Would be? So they're in place, but latent, i.e. without an actual limit set?

> Questions?  Lemme know.
> 

Here's some
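
Added example, not part of the original message and not postgrey's own code: a small model of the greylisting decision discussed above, keyed on the envelope triplet (client IP, envelope sender, envelope recipient) rather than on message content, with the 300 second delay from the thread. The class and function names, the "DEFER"/"PASS" labels, the two-day forget window and the sample events are constructed for illustration.

```python
from dataclasses import dataclass, field

DELAY = 300                    # seconds; the greylist delay quoted in the thread
RETRY_WINDOW = 2 * 24 * 3600   # assumed: an unconfirmed triplet is forgotten after 2 days


@dataclass
class Greylist:
    delay: int = DELAY
    retry_window: int = RETRY_WINDOW
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried after the delay

    def check(self, client_ip, sender, recipient, now):
        """Decide one RCPT TO attempt: 'DEFER' (answer 450) or 'PASS'."""
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self.passed:
            return "PASS"                  # known triplet: no further delay
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now     # new (or expired) triplet: start the clock
            return "DEFER"
        if now - first < self.delay:
            return "DEFER"                 # retried too early: still greylisted
        self.passed.add(key)               # retried after the delay: remember it
        return "PASS"


def replay(events, greylist=None):
    """Run (time, client_ip, sender, recipient) events through one greylist."""
    gl = greylist or Greylist()
    return [gl.check(ip, snd, rcpt, t) for (t, ip, snd, rcpt) in events]


# Constructed sample: one retrying MTA and one sender that never retries.
MTA = ("192.0.2.10", "alice@example.org", "list@example.net")
SAMPLE = [
    (0, *MTA),      # first attempt           -> DEFER
    (60, *MTA),     # retry before 300 s      -> DEFER
    (360, *MTA),    # retry after 300 s       -> PASS
    (400, *MTA),    # next mail, same triplet -> PASS at once
    (400, "198.51.100.7", "bulk@example.com", "list@example.net"),  # -> DEFER
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

Only the first message for a given triplet waits; once the sending host has retried after the delay, later mail with the same client, sender and recipient passes immediately in this model.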


