From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <49bf44f10608281812i1d723244ja94887d2e746057f@mail.gmail.com>
Date: Mon, 28 Aug 2006 18:12:52 -0700
From: Grant <emailgrant@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Greylisting idea
In-Reply-To: <20060829004817.GA15964@r2d2.localdomain>

> > >Greylisting seems to be the most effective way of eliminating unwanted
> > >email.  The problem is that it also has the potential to eliminate a
> > >legitimate email.  Couldn't a feature be added to greylisting software
> > >that dispatches an email to the sender of any email that is
> > >temporarily rejected and doesn't retry within a certain amount of
> > >time?  The email could say something like, "Your message of {date} was
> > >rejected as possible spam.  Please call us at {phone_number}."
> >
> > att.biz accounts do something like this.  It isn't a phone call, but
> > "go to $website and enter $code to unblock your mail to $recipient."
>
> TMDA (in portage) could be set up to do something like this, I
> believe.

I'm going to go ahead and try greylisting.  It sounds like regular
postfix checks can reject legitimate email just like greylisting can
end up doing, but postfix checks are cutting spam in half and it
sounds like greylisting will do a lot better.

I'm going to replace the following postfix config:

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        permit
smtpd_sender_restrictions =
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        permit
smtpd_data_restrictions =
        reject_unauth_pipelining,
        permit

with this:

smtpd_recipient_restrictions =
        permit_mynetworks,
        check_policy_service inet:127.0.0.1:10030,
        reject_unauth_destination,
        permit

How does that look?

- Grant
-- 
gentoo-user@gentoo.org mailing list
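
Added example, not part of the original message and not code from Postfix or any greylisting package: the triplet decision that a policy service behind check_policy_service makes for each RCPT TO, plus the list of senders that were deferred and never retried, which is the case the quoted proposal is about. MIN_DELAY, GIVE_UP, the class and function names and the sample request are assumptions made for the example.

```python
import time

MIN_DELAY = 300       # assumed: seconds before a retry is accepted
GIVE_UP = 4 * 3600    # assumed: no retry after this long counts as "never retried"

# Constructed policy request, in the name=value form Postfix sends to the service.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=alice@example.org\n"
          "recipient=grant@example.com\n\n")

def parse_request(text):
    """Parse one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class Greylist:
    def __init__(self):
        self.seen = {}  # triplet -> [time of first attempt, passed yet?]

    def decide(self, attrs, now=None):
        """Return the reply for one RCPT TO, keyed on the (client, sender, recipient) triplet."""
        now = time.time() if now is None else now
        triplet = (attrs.get("client_address", ""),
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        entry = self.seen.setdefault(triplet, [now, False])
        if entry[1] or now - entry[0] >= MIN_DELAY:
            entry[1] = True
            return "action=dunno\n\n"  # no opinion: the remaining restrictions decide
        return "action=defer_if_permit Greylisted, please retry later\n\n"

    def never_retried(self, now):
        """Triplets deferred at least GIVE_UP seconds ago that have not passed since."""
        return sorted(t for t, (first, passed) in self.seen.items()
                      if not passed and now - first >= GIVE_UP)

if __name__ == "__main__":
    gl = Greylist()
    req = parse_request(SAMPLE)
    print(gl.decide(req, now=0).strip())    # first attempt is deferred
    print(gl.decide(req, now=600).strip())  # retry after MIN_DELAY passes
```

Postfix's SMTPD_POLICY_README says to specify check_policy_service after reject_unauth_destination.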