Thread: Tarpitting/greylisting




Tarpitting/greylisting
user name
2006-12-14 20:34:55
I know that this discussion has happened a bit before, and I've been reading in the archives trying to understand it

So, I'm using the "modified" postgrey solution described here:

http://lists.ee.ethz.ch/postgrey/msg01214.html

I would be interested in adding some tarpitting, or even finding a way to automatically block IP addresses that repeatedly send "undeliverable" mail. Tarpitting I understand (mostly), but I'm not really sure how to best implement this. I see that there is a "taRgrey" patch that can do part of this, but I'm a bit confused as to how to best go about it.

Any suggestions?

Thanks.

Danita



-- 
Unsubscribe mailto:postgrey-requestlist.ee.ethz.ch?subject=unsubscribe
Archive     http://lists.ee.ethz.ch/postgrey
WebAdmin    http://lists.ee.ethz.ch/lsg2.cgi

Tarpitting/greylisting
user name
2006-12-18 05:13:58
Hi.

We tested tarpitting combined with greylisting to decrease false positive or false negative.

- taRgrey = decrease false positive
  The mail filter by tarpitting mainly.
  If the mail lost connection with tarpitting is resent, it accepts it with greylist.

- tarpit&greylist = decrease false negative
  Filter by tarpitting and greylisting.
  First, the mail filter by tarpitting. Second, the mail which filtered by tarpitting filter by greylisting.

Mr.Nakahara reported a rate of false negative about each method.

- taRgrey          96.5% (--tarpit=65 --targrey --delay=3600 --retry-count=2)
- Rgrey            97.0%
- tarpit&greylist  98.5% (--tarpit=65)

It is the result that all these filtered blacklist of HELO in following sample configuration and NS only for from connection to match dynamic IP of S25R, and was filtered.
http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz

taRgrey has false negative of 2.3 times of tarpit&greylist.


On Thu, 14 Dec 2006 13:34:55 -0700
"Danita Zanre" <danitacaledonia.net> wrote:
Subject: [postgrey] Tarpitting/greylisting

> I know that this discussion has happened a bit before, and I've been reading in the archives trying to understand it
>
> So, I'm using the "modified" postgrey solution described here:
>
> http://lists.ee.ethz.ch/postgrey/msg01214.html
>
> I would be interested in adding some tarpitting, or even finding a way to automatically block IP addresses that repeatedly send "undeliverable" mail. Tarpitting I understand (mostly), but I'm not really sure how to best implement this. I see that there is a "taRgrey" patch that can do part of this, but I'm a bit confused as to how to best go about it.
> 
> Any suggestions?
> 
> Thanks.
> 
> Danita

-- 
SATOH Kiyoshi <satohhakuba.jp> http://d.hatena.ne.jp/stealthinu/


Tarpitting/greylisting
user name
2006-12-18 18:53:24
> It is the result that all these filtered blacklist of HELO in following sample configuration and NS only for from connection to match dynamic IP of S25R, and was filtered.
> http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz
>
> taRgrey has false negative of 2.3 times of tarpit&greylist.

So, I'm still really confused about what all of this means


Danita



Tarpitting/greylisting
user name
2006-12-19 01:24:28
On Mon, 18 Dec 2006 11:53:24 -0700
"Danita Zanre" <danitacaledonia.net> wrote:
Subject: [postgrey] Re: Tarpitting/greylisting

> > It is the result that all these filtered blacklist of HELO in following sample configuration and NS only for from connection to match dynamic IP of S25R, and was filtered.
> > http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz
> > taRgrey has false negative of 2.3 times of tarpit&greylist.
>
> So, I'm still really confused about what all of this means

Sorry... I am not so good at English.
I thought that you didn't understand whether you should use taRgrey or tarpit&greylist.

> but I'm a bit confused as to how to best go about it.

Please teach that you are confused concretely.


-- 
SATOH Kiyoshi <satohhakuba.jp> http://d.hatena.ne.jp/stealthinu/


Tarpitting/greylisting
user name
2006-12-19 20:20:06
> Sorry... I am not so good at English.
> I thought that you didn't understand whether you should use taRgrey or tarpit&greylist.

I was assuming I should use taRgrey, but I still don't quite get it <g>

>> but I'm a bit confused as to how to best go about it.
>
> Please teach that you are confused concretely.

I'm getting closer and closer to complete confusion, so this is better

I have to get back to this after the holidays I guess. I'll do some more reading and see if I can figure it out!

Thanks.

Danita
 



Tarpitting/greylisting
user name
2006-12-27 10:34:52
Hello,

I'll try to explain what Mr.Sato means, although I don't know whether I can do better.

His taRgrey policy server works roughly as follows (if I understand correctly):

In `normal' mode (without --tarpit option):

  Just behave as postgrey:

  If the client has retried correctly, then return "DUNNO" to postfix
  else return "DEFER_IF_PERMIT" to postfix

In `tarpit' mode (with --tarpit but without --targrey option):

  If the client has retried correctly, then return "DUNNO" to postfix
  else return "SLEEP 65,DEFER_IF_PERMIT" to postfix

  (This is almost equivalent to the original postgrey with options
   --greylist-action="SLEEP 65,DEFER_IF_PERMIT" --greylist-text="",
   but with additional `retry-count' tweak -- see below.)

In `targrey' mode (with both --tarpit and --targrey option):

  If the client has retried correctly, then return "DUNNO" to postfix
  else if this is the first time, then return "SLEEP 65" to postfix
  else return "DEFER_IF_PERMIT" to postfix

Where `retried correctly' means that the client retried `retry-count' many times, with interval no longer than `retry-window' seconds and no shorter than `delay' seconds.

`Retry-count' is the option added in targrey (the default value is 1).

The time to sleep is customizable (65 is the default value).

In any case, a client can send mails without delay once it is recognized as legitimate.

Mr.Sato's intention for `targrey' mode is to save clients that can retry correctly but cannot endure tarpit delay.

I've never tried targrey myself, since I am using Postfix 2.2.8 which does not support SLEEP action.

Regards,
		MAEDA Atusi

"Danita Zanre" <danitacaledonia.net> writes:

> > Sorry... I am not so good at English.
> > I thought that you didn't understand whether you should use taRgrey or
> > tarpit&greylist.
>
> I was assuming I should use taRgrey, but I still don't quite get it <g>
>
> >> but I'm a bit confused as to how to best go about it.
> >
> > Please teach that you are confused concretely.
>
> I'm getting closer and closer to complete confusion, so this is better
>
> I have to get back to this after the holidays I guess. I'll do some more reading and see if I can figure it out!
>
> Thanks.
>
> Danita
>
> --
> Unsubscribe mailto:postgrey-requestlist.ee.ethz.ch?subject=unsubscribe
> Archive     http://lists.ee.ethz.ch/postgrey
> WebAdmin    http://lists.ee.ethz.ch/lsg2.cgi
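
The three modes described in the message above can be modelled as a small decision function. This is an added example, not part of the original posts and not postgrey or taRgrey code. The class and function names are hypothetical, and it assumes that the retry interval is measured from the previous attempt that counted, that an entry older than `retry-window` starts over as a first attempt, and that `delay` and `retry-window` default to 300 seconds and two days.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Options:
    tarpit: Optional[int] = None   # --tarpit seconds; None = `normal' mode
    targrey: bool = False          # --targrey
    delay: int = 300               # --delay, seconds (assumed default)
    retry_window: int = 172800     # --retry-window, seconds (assumed default)
    retry_count: int = 1           # --retry-count

class Policy:
    def __init__(self, opts):
        self.opts = opts
        self.db = {}   # triplet -> [time of last counted attempt, retries, passed]

    def _not_yet(self, first):
        # Action for a client that has not (yet) retried correctly.
        o = self.opts
        if o.tarpit is None:
            return "DEFER_IF_PERMIT"
        if not o.targrey:
            return f"SLEEP {o.tarpit},DEFER_IF_PERMIT"
        return f"SLEEP {o.tarpit}" if first else "DEFER_IF_PERMIT"

    def check(self, triplet, now):
        o, e = self.opts, self.db.get(triplet)
        if e and e[2]:
            return "DUNNO"                      # already recognized as legitimate
        if e is None or now - e[0] > o.retry_window:
            self.db[triplet] = [now, 0, False]  # new, or waited too long: start over
            return self._not_yet(first=True)
        if now - e[0] >= o.delay:               # a retry that counts
            e[0], e[1] = now, e[1] + 1
            if e[1] >= o.retry_count:
                e[2] = True
                return "DUNNO"
        return self._not_yet(first=False)       # too early, or more retries needed

# Constructed sample triplet (client IP, sender, recipient).
TRIPLET = ("192.0.2.10", "sender@example.org", "rcpt@example.net")

def replay(opts, times):
    """Return the action given to one triplet at each attempt time (seconds)."""
    p = Policy(opts)
    return [p.check(TRIPLET, t) for t in times]

if __name__ == "__main__":
    targrey = Options(tarpit=65, targrey=True, delay=3600, retry_count=2)
    for name, o in [("normal", Options()), ("tarpit", Options(tarpit=65)), ("targrey", targrey)]:
        print(name, replay(o, [0, 600, 3700, 7400, 7500]))
```

The `targrey` options in the demo are the ones quoted earlier in the thread (`--tarpit=65 --targrey --delay=3600 --retry-count=2`); with them, only the first attempt is tarpitted and the client passes after two retries spaced at least an hour apart.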
