From owner-freebsd-questions@FreeBSD.ORG Sat Apr 7 12:28:37 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B4B4716A404 for ; Sat, 7 Apr 2007 12:28:37 +0000 (UTC) (envelope-from outsidefactor@iinet.net.au) Received: from mail-ihug.icp-qv1-irony16.iinet.net.au (ihug-mail.icp-qv1-irony16.iinet.net.au [203.59.1.182]) by mx1.freebsd.org (Postfix) with ESMTP id 3878E13C459 for ; Sat, 7 Apr 2007 12:28:36 +0000 (UTC) (envelope-from outsidefactor@iinet.net.au) Received: from 203-217-86-61.dyn.iinet.net.au (HELO SAURON) ([203.217.86.61]) by iinet-mail.icp-qv1-irony16.iinet.net.au with ESMTP; 07 Apr 2007 20:18:14 +0800 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ah4FANQoF0bL2VY9UGdsb2JhbACPeQEBPg X-IronPort-AV: i="4.14,384,1170604800"; d="scan'208"; a="128938202:sNHT7570410" From: "Christopher Martin" To: "'Chuck Swiger'" Date: Sat, 7 Apr 2007 22:18:18 +1000 Message-ID: <06d101c7790e$d3b9f130$d315a8c0@SAURON> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <46165C9A.7040906@mac.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826 Thread-Index: Acd4WgBBxZOOUnR+S/qq/9iKlDvWEgApw0AQ Cc: freebsd-questions@freebsd.org Subject: RE: Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Apr 2007 12:28:37 -0000 > -----Original Message----- > From: Chuck Swiger [mailto:cswiger@mac.com] > Sent: Saturday, 7 April 2007 12:44 AM > > You don't seem to mention using greylisting-- that will return a 4xx temp > failure for all initial connections (except from sites which have been > whitelisted). Only if the sender retries will the mail go through-- this > works great against dictionary-style attacks. > > -- > -Chuck The nervous nelly's above me with more sway are anti-greylisting, and my powers of persuasion have not been up to the task of changing their thinking. I have also read many comments along the lines of "It won't be long before the spammers change their tactics again to remove the effectiveness of greylisting" Additionally, we have a sales department and they all whinge about any sort of lag, and get full support of management to yell at us when they have to wait an extra minute or two for mail to arrive (and boy do they complain when a 30 MB e-mail takes 10 minutes to get to a client! Not that that is relevant to this subject). I guess I could white-list out all of sales' and senior management's addresses. I could even do an export from Active Directory to produce the whitelist, and that would allow me to only do certain departments. And worse case scenario is everyone's mail is delayed a little, where as the other method could result in lost mail if the LDAP query gets weird results. As that actually is lowering risk I could probably convince management on that footing. Great suggestion! Will have to run up a trial and check it out. Chris Martin