|
List Info
Thread: Maia and greylisting
|
|
| Maia and greylisting |
|
2006-11-21 15:59:51 |
|
The point is to find a solution for this. I need is to have a greylisting solution that is able to use the whitelist from maia.
So that users enter throught maia their whitelist entries and that these entries are used by the greylisting solution fro whitelisting..
Sponsored Link
Rates near 39yr lows. $510,000 Loan for $1698/mo -
Calculate new house payment |
| Maia and greylisting |
|
2006-11-21 16:29:27 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ali Nebi wrote:
> The point is to find a solution for this. I need is to
have a
> greylisting solution that is able to use the whitelist
from maia.
> So that users enter throught maia their whitelist
entries and that these
> entries are used by the greylisting solution fro
whitelisting..
There is no such thing yet. sqlgrey has the strongest
potential for an
interface in Maia, although I don't think it would ever be
the same whitelist
for both operations, because they serve very different
purposes.
First of all, sqlgrey ( http://sqlgrey.source
forge.net/ ) (and several others)
have a built in whitelist cache; it looks at successful
deliveries and
automatically starts to whitelist sender/IP pairs. If it
sees a lot of success
from several addresses on an IP, it may even whitelist the
domain/IP pair.
Sqlgrey comes with a large builtin whitelist of known broken
mailservers, and I
haven't had any problem yet. I have had one client system
that needed one mail
server added to the explicit whitelist, and that's it.
The only possible reasons to explicitly whitelist from the
greylist mechanism is
to avoid a broken mailserver (very rare) or to elminate a
5-15 minute delay.
Sqlgrey's automatic whitelisting pretty much takes care of
both after it runs
for a day or so. In all reality, after a couple of weeks,
every sysadmin I have
installed sqlgrey for has pretty much forgotten about it,
since it works so well.
There is a simple web page admin package for administrators
to manage the
whitelists, opt-in/out lists and such, and I have thought
about adding those
controls to a Maia page somewhere.
However, that function needs to remain distinct from Maia's
whitelist. Maia's
whitelist should only be used to explicitly bypass the spam
scanning process
when a given sender is likely to be treated wrong and/or
maybe for mailing lists.
Maia needs both good and bad email to train on, to
effectively discern the
difference. If people whitelist all their friendly
contacts, Maia never gets
the benefit of training from the good email. In addition,
spammers may happen
to forge an address you have whitelisted and thus bypass
Maia.
The whitelist mechanism comes in handy when you often
receive mail from someone
(or a system process) that looks spammy and you do not wish
for the system to
learn from it. For instance, I have the spamassassin and
Maia lists whitelisted
because we often talk about spammy subjects, or even include
a few bits of spam
to discuss.
My recommendation is to use sqlgrey, and to use the admin
web interface to
correct the few errors. (I mean *few*, you will only need to
adjust a handful at
most)
Also, try to educate your users as much as possible to use
the Maia whitelist
sparingly.
- --
David Morton
Maia Mailguard - http://www.maiamailguard
.com
Morton Software Design and Consulting - http://www.dgrmm.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFYylnUy30ODPkzl0RApOGAJwNvhTjIpEGXV3wQEBxpcJpqOacBwCg
s2Rd
jKqW1z54ekcEw1DdO0j64Qw=
=/ILa
-----END PGP SIGNATURE-----
_______________________________________________
Maia-users mailing list
Maia-users renaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
| Maia and greylisting |
|
2006-11-21 16:36:40 |
David Morton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ali Nebi wrote:
>> The point is to find a solution for this. I need is
to have a
>> greylisting solution that is able to use the
whitelist from maia.
>> So that users enter throught maia their whitelist
entries and that these
>> entries are used by the greylisting solution fro
whitelisting..
>
> There is no such thing yet. sqlgrey has the strongest
potential for an
> interface in Maia, although I don't think it would ever
be the same whitelist
> for both operations, because they serve very different
purposes.
>
> First of all, sqlgrey ( http://sqlgrey.source
forge.net/ ) (and several others)
> have a built in whitelist cache; it looks at successful
deliveries and
> automatically starts to whitelist sender/IP pairs. If
it sees a lot of success
> from several addresses on an IP, it may even whitelist
the domain/IP pair.
>
> Sqlgrey comes with a large builtin whitelist of known
broken mailservers, and I
> haven't had any problem yet. I have had one client
system that needed one mail
> server added to the explicit whitelist, and that's it.
Hello David,
Thanks for that information, it will help me a lot. I do
have one
question though. We get most of our legitimate mail from the
large
domains, yahoo, hotmail, google, and aol. Our concern is
what happens
when a spammer forges 'from' address that is one of those
domains?
Obviously the IP will NOT be a legit server from the domain,
so the
question is, if the spammer connects, will it see that
'yahoo.com' is
whitelisted and pass it, even thought the IP is not yahoo,
or will it
greylist even though it's a yahoo.com address, but not a
yahoo.com server?
I hope I explained that well enough for you to understand
what I mean...
Thanks
Tom
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
| Maia and greylisting |
|
2006-11-21 16:53:54 |
>>> On Tue, Nov 21, 2006 at 8:59 AM, in message
<20061121155951.66941.qmailweb60619.mail.yahoo.com>, Ali Nebi
<ali_20_f1yahoo.com> wrote:
> The point is to find a solution for this. I need is to
have a greylisting
> solution that is able to use the whitelist from maia.
> So that users enter throught maia their whitelist
entries and that these
> entries are used by the greylisting solution fro
whitelisting..
I'm not much of a perl programmer, but I would guess that it
wouldn't be "that" hard to create perl script that
you could cron to query the maia databases, and overwrite
your postgrey_whitelist_local file (that's not really the
right name - can't think of it off the top of my head) if
you are using postgrey. This really isn't "too"
far fetched I guess. The only nice thing about NOT
whitelisting in postgrey is that if it is spoofed mail, then
it might avoid having to deliver junk that you have
whitelisted in Maia, because it will never reach Maia to let
it through.
It would seem to me that whitelisting postgrey should not be
quite so "open" as that. I can see whitelisting
IP addresses much more likely than whitelisting addresses
when dealing with greylisting. Anyone can put anything they
like in the "from" field - it's a bit harder to
spoof the server IP address, and that's probably what should
be whitelisted in a greylisting situation rather than the
from/etc.
Danita
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
| Maia and greylisting |
|
2006-11-21 17:06:16 |
On Tue, 2006-11-21 at 11:36 -0500, Tom Lichti wrote:
> if the spammer connects, will it see that 'yahoo.com'
is
> whitelisted and pass it, even thought the IP is not
yahoo, or will it
> greylist even though it's a yahoo.com address, but not
a yahoo.com server?
Any reasonable greylist implementation uses the /triple/ of
IP address,
sender address, and recipient address. Therefore having a
sender/recipient pair listed with a different IP address
will NOT bypass
greylisting. The IP address is used precisely because sender
addresses
are so easily forged.
--Greg
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
| Maia and greylisting |
|
2006-11-21 17:26:10 |
Greg Woods wrote:
> On Tue, 2006-11-21 at 11:36 -0500, Tom Lichti wrote:
>> if the spammer connects, will it see that
'yahoo.com' is
>> whitelisted and pass it, even thought the IP is not
yahoo, or will it
>> greylist even though it's a yahoo.com address, but
not a yahoo.com server?
>
> Any reasonable greylist implementation uses the
/triple/ of IP address,
> sender address, and recipient address. Therefore having
a
> sender/recipient pair listed with a different IP
address will NOT bypass
> greylisting. The IP address is used precisely because
sender addresses
> are so easily forged.
>
> --Greg
>
>
That's what I thought, just wanted to confirm.
Thanks
Tom
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
| Maia and greylisting |
|
2006-11-21 17:34:17 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Nov 21, 2006, at 10:36 AM, Tom Lichti wrote:
> greylist even though it's a yahoo.com address, but not
a yahoo.com
> server?
As Greg said, it uses the triple to list it, so a forged
address gets
blocked.
David Morton
Maia Mailguard http://www.maiamailguard
.com
mortondadgrmm.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFFYzigUy30ODPkzl0RAmv0AJ9M8lp2dhfptOPOHBpM/X6umZEccgCc
DCQs
fAzJWKG7ok4mrnTnpAyoQDA=
=eqIK
-----END PGP SIGNATURE-----
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
|
|
[1-7]
|
|