From: Angelo Amoruso on
Matias wrote:
> Hi,
>
> I want to move away from postgrey to a sql based greylist service, so
> that I can access the greylist database from more than one server.
>
> I've been reading about sqlgrey, gps, gld, etc...
Hi,
I've tried gld with success and satisfaction. I recommend it to you!

Angelo

From: Ansgar Wiechers on
On 2010-03-22 Bas Mevissen wrote:
> Why catch-all? Because I often use the part before the "@" as a key to
> see the origin of the e-mail when subscribing.

That's what address extension was invented for. See the respective
section of man 8 local.

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

From: Bas Mevissen on
On Tue, 2010-03-23 at 10:24 +0100, Ansgar Wiechers wrote:
> On 2010-03-22 Bas Mevissen wrote:
> > Why catch-all? Because I often use the part before the "@" as a key to
> > see the origin of the e-mail when subscribing.
>
> That's what address extension was invented for. See the respective
> section of man 8 local.
>

I'm aware of address extension. It is a well-known trick, so the
extension is likely to be stripped off by spam senders.

But thanks for pointing this out anyway.

Bas.

From: /dev/rob0 on
On Tue, Mar 23, 2010 at 10:55:04AM +0100, Bas Mevissen wrote:
> On Tue, 2010-03-23 at 10:24 +0100, Ansgar Wiechers wrote:
> > On 2010-03-22 Bas Mevissen wrote:
> > > Why catch-all? Because I often use the part before the "@"
> > > as a key to see the origin of the e-mail when subscribing.
> >
> > That's what address extension was invented for. See the
> > respective section of man 8 local.
>
> I'm aware of address extension.

I think maybe I have discussed this with you before as well.

> It is a well-known trick, so the
> extension is likely to be stripped off by spam senders.

Funny thing about that. I have exactly one spamtrap address, and
precisely because of spammers stripping the extension. Some years
back, I made a few posts to a mailing list using this address:
list+elite(a)nodns4.us . Note, no munging considered necessary.

That address is not spammed at all; neither is the list@ address.
Elite(a)nodns4.us is my spamtrap! I get lots of hits on that, over
2000 in the past month.

So, IME there is nothing to support your assumption about spammer
behavior. I would know it if the list@ address started to get hit.
I'd still be able to control it, because the only valid use of that
address has been list subscriptions, each containing a +tag. But
this hasn't been necessary.

Moral of the story: maybe harvest bots are dumber than you think.
Likewise, perhaps, so is your catchall. :)

To be fair, I have used user+tags(a)addresses in other situations, and
in those cases it's not possible to say with certainty that user@
wasn't added to some spam list behind the scenes. But there too, I'm
able to say that spam is not a major problem for me. HELO checks and
Zen catch all but a few.


Oh, this was about greylist server recommendations, so I'll toss in
my opinion about that as well. I used to use sqlgrey. It is a fine
piece of software, well and actively maintained (even when Lionel
took a hiatus, he got a standin maintainer. The list, although very
quiet, is monitored.)

I stopped using it years ago. The pain of greylisting wasn't worth
the minimal benefits. I did not notice any substantive, measurable
difference in spam with and without greylisting.

I think by now the vast number of spambots mean that it's feasible
for any given zombie to go through its list more than once. I *do*
think that much of what little zombie spew I see comes in twice.
Possibly the occasional lack of the second copy means that the CBL
picked it up in the meantime.

Spamhaus PBL was extremely effective against zombies, as was the
widespread blockage of outbound port 25. I think the battle against
zombies will be shifting back to the relay-through-smarthost model
rather than the direct-to-MX model. This means that a postmaster's
job will be getting much harder.

Imagine that!
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
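
Added example, not part of the thread or of any poster's setup: a small log tally that separates deliveries to tagged addresses from hits on a bare localpart that was only ever published as a tag, which is the spamtrap signal described in the message above. The `+` delimiter, the names `list` and `elite` as configured here, the `example.org` addresses and the log lines are all constructed assumptions.

```python
import re
from collections import Counter

DELIM = "+"              # assumed Postfix recipient_delimiter
BASE_USER = "list"       # localpart only ever handed out with a +tag
TRAP_USERS = {"elite"}   # localparts that were only ever published as a tag

# Constructed Postfix-style log lines (documentation addresses and IPs).
SAMPLE_LOG = """\
Mar 23 05:01:02 mx postfix/local[811]: 4A1B2C: to=<list+elite@example.org>, relay=local, status=sent
Mar 23 05:03:10 mx postfix/smtpd[802]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <elite@example.org>: Recipient address rejected; from=<a@example.net> to=<elite@example.org> proto=ESMTP
Mar 23 05:04:44 mx postfix/smtpd[802]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 550 5.1.1 <elite@example.org>: Recipient address rejected; from=<b@example.net> to=<elite@example.org> proto=SMTP
Mar 23 05:06:00 mx postfix/local[811]: 4A1B2D: to=<list+vendor@example.org>, relay=local, status=sent
Mar 23 05:09:31 mx postfix/smtpd[802]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <Elite@example.org>: Recipient address rejected; from=<c@example.net> to=<Elite@example.org> proto=ESMTP
Mar 23 05:10:00 mx postfix/smtpd[802]: connect from unknown[192.0.2.10]
"""

# \b keeps "orig_to=<...>" from matching; the localpart may not contain "@".
RCPT_RE = re.compile(r"\bto=<([^>@]+)@([^>]+)>")

def classify(localpart):
    """Return (category, key) for one recipient localpart."""
    lp = localpart.lower()
    user, sep, tag = lp.partition(DELIM)
    if sep and user == BASE_USER and tag:
        return ("tagged", tag)      # legitimate use; the tag names the origin
    if not sep and user in TRAP_USERS:
        return ("trap", user)       # a tag turned up as a bare address
    if not sep and user == BASE_USER:
        return ("bare", user)       # extension stripped, base address hit
    return ("other", lp)

def tally(log_text):
    """Count recipients per (category, key) over a block of log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if m:
            counts[classify(m.group(1))] += 1
    return counts

if __name__ == "__main__":
    for (category, key), n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{category:7} {key:10} {n}")
```

A non-zero `bare` count would be the sign that harvesters had stripped the extension and kept the base address; the `tagged` keys show which subscription each delivery came from.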

From: Bas Mevissen on
On Tue, 2010-03-23 at 05:43 -0500, /dev/rob0 wrote:

> > I'm aware of address extension.
>
> I think maybe I have discussed this with you before as well.
>

I don't think so :-)

> > It is a well-known trick, so the
> > extension is likely to be stripped off by spam senders.
>
> Funny thing about that. I have exactly one spamtrap address, and
> precisely because of spammers stripping the extension. Some years
> back, I made a few posts to a mailing list using this address:
> list+elite(a)nodns4.us . Note, no munging considered necessary.
>
> That address is not spammed at all; neither is the list@ address.
> Elite(a)nodns4.us is my spamtrap! I get lots of hits on that, over
> 2000 in the past month.
>
> So, IME there is nothing to support your assumption about spammer
> behavior. I would know it if the list@ address started to get hit.
> I'd still be able to control it, because the only valid use of that
> address has been list subscriptions, each containing a +tag. But
> this hasn't been necessary.
>
> Moral of the story: maybe harvest bots are dumber than you think.
> Likewise, perhaps, so is your catchall. :)
>

OK, I saw different behaviour. But that was somewhere beginning of the
90's when I only had a single e-mail address.

I switched to catchall after I had my own domains and up to a year or
so, there was not that much spam on it. I took my measures and now I
have a few spam mails caught by SA every day and maybe 1 or 2 in my
inbox, mostly because I don't greylist my regular addresses.

> To be fair, I have used user+tags(a)addresses in other situations, and
> in those cases it's not possible to say with certainty that user@
> wasn't added to some spam list behind the scenes. But there too, I'm
> able to say that spam is not a major problem for me. HELO checks and
> Zen catch all but a few.
>

That's my experience too. I used to have a few hand-written rules and SA
working together with over 95 percent result.

>
> Oh, this was about greylist server recommendations, so I'll toss in
> my opinion about that as well. I used to use sqlgrey. It is a fine
> piece of software, well and actively maintained (even when Lionel
> took a hiatus, he got a standin maintainer. The list, although very
> quiet, is monitored.)
>
> I stopped using it years ago. The pain of greylisting wasn't worth
> the minimal benefits. I did not notice any substantive, measurable
> difference in spam with and without greylisting.
>
> I think by now the vast number of spambots mean that it's feasible
> for any given zombie to go through its list more than once. I *do*
> think that much of what little zombie spew I see comes in twice.
> Possibly the occasional lack of the second copy means that the CBL
> picked it up in the meantime.
>

I've had only 1 or 2 spambots passing greylisting every week. I don't
have stats for the number of drops. But the list of "unanswered"
greylistings is huge.

> Spamhaus PBL was extremely effective against zombies, as was the
> widespread blockage of outbound port 25. I think the battle against
> zombies will be shifting back to the relay-through-smarthost model
> rather than the direct-to-MX model. This means that a postmaster's
> job will be getting much harder.
>
> Imagine that!

Yes, the number of relay attempts is increasing rapidly. I really need
to cut out large parts of the /var/log/mail in logwatch reports.

Bas.