[9fans] greylist processing in smtpd

[9fans] greylist processing in smtpd

[David Presotto]

I updated the smtpd sources with geoff collyer's greylist processing.
It's under the -g flag.  He's been using it for weeks.

It relies on a spammer's unlikelyhood of redialing later should we tell
him we're busy.  Whenever smtpd receives a message, it first checks
a white list of ip addresses.  if the sender's address isn't there, the
mail is accepted.  If not smtpd then looks for the file
/mail/grey/<remoteip>/<localip>/<recipient>.  If that iexists, the mail
is accepted.  If not, the file is created and the message rejected with
a ``we're busy. try again later'' error code.

You'll have to remove old files from /mail/grey on a regular basis in
cron.

Geoff will be posting an initial whitelist soon.  You need to seed it with
the the yahoo (and some other mailers).  One problem with the algorithm
are multiple system smtp senders.  Yahoo had many systems that all send
smtp messages from a common set of queues.  It could be days before the
same yahoo system will try to resend the message and get added to the
whitelist.

The downside is that the first messages from any system to a local user
could take over an hour to get here depending on the sender's retry
interval.  Also, its not rocket science for spammers to figure this
out and outwit it.  However, geekmail.cc seems to be using it to good
effect.

Re: [9fans] greylist processing in smtpd

[Taj Khattra]

On Sat, Nov 01, 2003 at 01:30:14PM -0500, David Presotto wrote:
>
> It relies on a spammer's unlikelyhood of redialing later should we tell
> him we're busy.  Whenever smtpd receives a message, it first checks
> a white list of ip addresses.  if the sender's address isn't there, the
                                                         ^^^^^^^^^^^
> mail is accepted.  If not smtpd then looks for the file

s/isn't there/is there/ ?

-taj

Re: [9fans] greylist processing in smtpd

[David Presotto]

right, I can't type and think at the same time

Re: [9fans] greylist processing in smtpd

[Geoff Collyer]

[-- Attachment #1: Type: text/plain, Size: 220 bytes --]

I've attached my recommended seed whitelist.  It doesn't include some
major mail relays that have many smtp transmitters operating off the
same queue, such as AOL, just because I haven't received any mail from
them.

[-- Attachment #2.1: Type: text/plain, Size: 313 bytes --]

The following attachment had content that we can't
prove to be harmless.  To avoid possible automatic
execution, we changed the content headers.
The original header was:

	Content-Disposition: attachment; filename=white.starter
	Content-Type: text/plain; charset="US-ASCII"
	Content-Transfer-Encoding: 7bit

[-- Attachment #2.2: white.starter.suspect --]
[-- Type: application/octet-stream, Size: 346 bytes --]

# internal net
10.0.0.0/8
# yahoo mail hosts
66.218.66.0/24
66.218.84.0/24
# bellnexxia.net
209.226.175.0/24
# telus.net
199.185.220.0/24
# amazon
207.171.188.0/24
# careerbuilder.com
66.45.112.0/24

# psuvax1.cse.psu.edu - 9fans
130.203.4.6
# plan9.bell-labs.com
204.178.31.2
# ieee
140.98.194.25
# jetblue.com
64.50.124.126