forked from pifty/tutes-dump
53 lines
3.2 KiB
Plaintext
Executable File
53 lines
3.2 KiB
Plaintext
Executable File
[07] WHAT IS GREYLISTING? HOW DOES HELP WITH SPAM OR UCE?
|
|
|
|
SPAM that you receive can be forwarded to 'spam-bucket@sdf.org'.
|
|
This file is accessible to all users and the purpose of it is to help
|
|
identify spammer networks and spam content.
|
|
|
|
WHAT IS GREYLISTING?
|
|
|
|
Greylisting is a passive approach to dealing with spam. It allows the
|
|
SDF SMTP server to keep track of the SMTP servers that communicate with it
|
|
by establishing a tuple: IP of the sending server, address of the sender
|
|
and address of the recipient. When SDF receives a connection from an
|
|
unknown SMTP server it issues a 451, which basically means "I'm busy,
|
|
please retry later". This sort of response occurs normally for a multiple
|
|
of reasons everyday such as: The user is over quota, the file system is
|
|
full, the load average is too high and so on. A properly configured MTA
|
|
will follow the SMTP protocol and respect a 451 by using its default retry
|
|
interval which can be anywhere between 5 minutes to 60 minutes typically.
|
|
SDF's greylisting is only in effect for 1 minute from the sending server's
|
|
first attempt. This is well within a reasonable retry period of a
|
|
properly configured SMTP server. When the previously greylisted server
|
|
connects back within 20 hours of its first attempt, SDF accepts its
|
|
connection and allows the email to be delivered. The tuple is then
|
|
whitelisted for 72 hours. This also takes in account for other SMTP
|
|
servers on the same or neighbouring networks since greylisting on SDF only
|
|
matches numbers up to CLASS B/16 (255.255.0.0) and therefore the smaller
|
|
CIDRs and all host numbers are ignored. This allows greylisting to work
|
|
with massively large e-mail harvesting farms such as Gmail.
|
|
|
|
Senders with SPF compliant headers are automatically passed without
|
|
being deferred.
|
|
|
|
There is a simple utility called 'greylist' you can use to see what tuples
|
|
apply to you. Its important to note that if you do see a tuple in the
|
|
greylist that you known is legtimate it will always show up in the
|
|
autowhitelist, for 72 hours, when the sending host retries. Because it
|
|
is possible that a spam host could resend before they change their IP
|
|
address, you could receive that spam on a retry. However, it is unlikely
|
|
that they will retry and therefore you will always receive legitimate
|
|
email with a very low percentage of that possibly being spam.
|
|
|
|
By default greylisting is enabled for all SDF members. If you would
|
|
like to disable it, which is not recommended, you may do so by typing
|
|
'greylist -t'. You can re-enable it with the same command.
|
|
|
|
MetaARPA members can also use the 'greylist -tw' command to create their
|
|
own rules to apply to mail delivery specific to their email addresses and
|
|
their domains. You must have greylisting enabled otherwise there will be
|
|
no need for a whitelist. This custom whitelist is a flat text file called
|
|
.wl in the user's home directory with a single email address on each row
|
|
of the file. The file can only contain email addresses and
|
|
meta-characters will be stripped and ignored.
|