From: Chuck Swiger
To: Heiko Wundram (Beenic)
Cc: freebsd-questions@freebsd.org
Date: Wed, 16 Jan 2008 09:48:21 -0800
Subject: Re: OT: Greylisting and Yahoo Mailinglists

On Jan 15, 2008, at 11:23 PM, Heiko Wundram (Beenic) wrote:
> On Tuesday, 15 January 2008 19:08:39, Chuck Swiger wrote:
>> You didn't mention which mailserver or greylist software you are
>> using, but the postgrey implementation (for use with Postfix) has this
>> in postgrey_whitelist_clients:
>>
>> # greylisting.org: Yahoo Groups servers (no retry)
>> scd.yahoo.com
>>
>> ...and you could choose to whitelist all of yahoo.com just as easily.
>
> I am using Postfix, but not postgrey, rather postfix-policyd, which does
> whitelisting of hosts based on IPs of the connecter. postfix-policyd comes
> with three blocks of IPs for the Yahoo Groups mailservers in the default
> whitelist, but none of the IPs I mentioned in my original mail falls into
> those groups.

OK. I use policyd-weight also; it doesn't greylist entries precisely, but instead does RBL lookups and some checking of forward and reverse DNS lookups, and then caches those results for a while. It will do a good job of rejecting people claiming to send mail from a Yahoo account if they do not use a mailserver in the yahoo.com domain:

Jan 16 03:21:52 pi postfix/smtpd[47289]: connect from unknown[201.210.144.157]
Jan 16 03:21:54 pi postfix/policyd-weight[4912]: decided action=450 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; delay: 0s
Jan 16 03:21:54 pi postfix/smtpd[47289]: NOQUEUE: reject: RCPT from unknown[201.210.144.157]: 450 : Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=< tequila301@yahoo.com> to= proto=ESMTP helo=
Jan 16 03:21:55 pi postfix/smtpd[47289]: lost connection after DATA from unknown[201.210.144.157]

...but almost always, this is forged email being sent as spam to accounts which don't exist in my local domain, so it seems to be doing the right thing here.

> Sorry for underspecifying my requirements, but that's the reason I was
> asking specifically. I knew about the postgrey whitelist entry you
> mentioned.

Right. Well, if you have some sample log lines from a known legit sender which were being blocked, that would be helpful...

-- 
-Chuck
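
One way to collect the sample log lines asked for above, as an added example that is not part of the original message or of Postfix, postfix-policyd or policyd-weight: it pulls smtpd reject lines whose envelope sender claims a given domain and reports, per client IP, whether that IP falls inside an IP-based whitelist. The whitelist networks, host names, addresses and log lines are all constructed placeholders; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed placeholder networks (RFC 5737 documentation ranges) standing in
# for the IP blocks in a policy daemon's whitelist. These are NOT Yahoo's ranges.
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Postfix smtpd reject line, in the shape of the log excerpt quoted above.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: \d{3} .*?"
    r"from=<\s*(?P<sender>[^>]*)>"
)

def is_whitelisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WHITELIST)

def rejected_senders(lines, domain):
    """Per client IP: rejects whose envelope sender is in `domain` or a subdomain."""
    hits = {}
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # connect/disconnect lines, other daemons, etc.
        sender_domain = m["sender"].rpartition("@")[2].lower()
        if sender_domain != domain and not sender_domain.endswith("." + domain):
            continue  # e.g. notyahoo.com must not match yahoo.com; from=<> is skipped
        entry = hits.setdefault(
            m["ip"],
            {"host": m["host"], "count": 0, "whitelisted": is_whitelisted(m["ip"])},
        )
        entry["count"] += 1
    return hits

def _reject(host, ip, sender):
    # Builds one constructed reject line; every value here is made up.
    return (f"Jan 16 03:21:54 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from "
            f"{host}[{ip}]: 450 <user@example.org>: Recipient address rejected: "
            f"temporarily blocked; from=<{sender}> to=<user@example.org> proto=ESMTP")

SAMPLE_LOG = [
    "Jan 16 03:21:52 mx postfix/smtpd[101]: connect from unknown[203.0.113.7]",
    _reject("unknown", "203.0.113.7", "alice@yahoo.com"),
    _reject("mta1.example.net", "198.51.100.200", "sentto-1@returns.groups.yahoo.com"),
    _reject("mta1.example.net", "198.51.100.200", "sentto-2@returns.groups.yahoo.com"),
    _reject("mta2.example.net", "192.0.2.10", "bob@yahoo.com"),
    _reject("unknown", "203.0.113.9", "eve@notyahoo.com"),
    _reject("unknown", "203.0.113.9", ""),
]
```

A client with a resolvable host name, repeated rejects and `whitelisted` set to False is the kind of entry worth checking by hand against the whitelist blocks before adding it.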