
I have decided to try installing sqlgrey on my VPS to see if that cuts down on the volume of spam. The basic idea is more than a decade old, and I can’t find much in the way of newer testimonials as to how wonderful it continues to be. On the other hand, I can’t see anyone saying it is now a terrible idea that should have a stake put through its heart and buried in an unmarked grave at midnight and forgotten. (Actually I’m posting this message just to see how legitimate mail makes it through the greylist obstacle course; it’s only been running less than an hour, and has already blocked 10 spam messages so far.)

I wrote:
> I have decided to try installing sqlgrey on my VPS to see if that cuts down on the volume of spam.
That message got back to me just fine. The Waikato list server got rejected by my greylister the first time, but it tried again 20 minutes later, and was accepted this time. Interesting to watch all the other connection attempts coming through. Are all these random machines open proxies rather than open relays? Because if they were running legitimate (if misconfigured) MTAs, I imagine they too would automatically retry at some point after an initial rejection, and the spam would still get through. But so far, it’s been 3 hours, and not a single one of them has done that.

I wrote:
> Interesting to watch all the other connection attempts coming through. Are all these random machines open proxies rather than open relays?

Seems like there are some open relays. But the usual overnight flood of spam has dwindled to a trickle (so far).

You do have to be careful, though. Checking through my logs, I discovered that GitHub is attempting to send me a message. Unfortunately, each time they retry, the connection comes from a different server in their network. So the greylister doesn’t match it up with any previous attempt, and rejects it anew.

This is a known issue with greylisting, when dealing with certain large organizations running lots of mail servers, and sqlgrey already includes some standard lists of domains to work around this in its whitelist. I have added *.github.com to my list.
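The retry-matching behaviour described in the message above, as an added example that is not part of the thread and is not sqlgrey's code. It is a simplified model: the 300-second delay, the (IP, sender, recipient) key, hostname-pattern whitelisting, and all addresses and hostnames are constructed assumptions.

```python
# Simplified greylisting model (added example; not sqlgrey's implementation).
from fnmatch import fnmatch

DELAY = 300  # assumed minimum seconds before a retry is accepted


class Greylist:
    def __init__(self, whitelist=()):
        self.whitelist = list(whitelist)  # hostname patterns, e.g. "*.github.com"
        self.first_seen = {}              # (ip, sender, rcpt) -> time of first attempt

    def check(self, now, ip, host, sender, rcpt):
        """Return 'accept' or 'defer' for one SMTP delivery attempt.

        `host` is assumed to be the client's verified reverse-DNS name.
        """
        if any(fnmatch(host, pat) for pat in self.whitelist):
            return "accept"               # whitelisted senders skip greylisting
        key = (ip, sender, rcpt)
        first = self.first_seen.setdefault(key, now)
        # Accept only a retry of an already-seen triplet once the delay has passed.
        return "accept" if now - first >= DELAY else "defer"


def replay(greylist, attempts):
    """Feed a list of attempts through the greylist and collect the verdicts."""
    return [greylist.check(*a) for a in attempts]


# Constructed sample traffic: (time, client IP, client hostname, sender, recipient)
LIST_SERVER = [  # the same server retries 20 minutes later
    (0, "192.0.2.10", "lists.example.org", "list@example.org", "me@example.net"),
    (1200, "192.0.2.10", "lists.example.org", "list@example.org", "me@example.net"),
]
SERVER_FARM = [  # every retry comes from a different host in the sender's pool
    (0, "198.51.100.1", "out-1.github.com", "noreply@github.com", "me@example.net"),
    (1200, "198.51.100.2", "out-2.github.com", "noreply@github.com", "me@example.net"),
    (2400, "198.51.100.3", "out-3.github.com", "noreply@github.com", "me@example.net"),
]
ONE_SHOT = [(0, "203.0.113.7", "unknown", "x@example.com", "me@example.net")]

if __name__ == "__main__":
    print("list server:       ", replay(Greylist(), LIST_SERVER))
    print("farm, no whitelist:", replay(Greylist(), SERVER_FARM))
    print("farm, whitelisted: ", replay(Greylist(["*.github.com"]), SERVER_FARM))
    print("one-shot sender:   ", replay(Greylist(), ONE_SHOT))
```

Without the whitelist entry, the server-farm sender is deferred on every attempt because no two attempts share a key; with it, the mail is accepted on first contact.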

>> Interesting to watch all the other connection attempts coming through. Are all these random machines open proxies rather than open relays?
>
> Seems like there are some open relays. But the usual overnight flood of spam has dwindled to a trickle (so far).
>
> You do have to be careful, though. Checking through my logs, I discovered that GitHub is attempting to send me a message. Unfortunately, each time they retry, the connection comes from a different server in their network. So the greylister doesn’t match it up with any previous attempt, and rejects it anew.
>
> This is a known issue with greylisting, when dealing with certain large organizations running lots of mail servers, and sqlgrey already includes some standard lists of domains to work around this in its whitelist. I have added *.github.com to my list.

Lawrence, would you mind talking about greylisting at the September WLUG meeting? Maybe a quick walk through how to set it up and what pitfalls to be aware of?

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

On Tue, 16 Jul 2019 09:15:43 +1200, Peter Reutemann wrote:
> Lawrence, would you mind talking about greylisting at the September WLUG meeting? Maybe a quick walk through how to set it up and what pitfalls to be aware of?

I guess I could. ;)

Not much to say so far, apart from what I’ve posted. Still learning as I go.

I expect it will only be a brief talk.

>> Lawrence, would you mind talking about greylisting at the September WLUG meeting? Maybe a quick walk through how to set it up and what pitfalls to be aware of?
>
> I guess I could. ;)
>
> Not much to say so far, apart from what I’ve posted. Still learning as I go.
>
> I expect it will only be a brief talk.

Short talk is fine. :-)

Here's the updated Meetup: https://www.meetup.com/WaikatoLinuxUsersGroup/events/257884313/

Thanks!

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

>> I expect it will only be a brief talk.
>
> If you want a longer talk, I could go into more detail about how e-mail works, open relays, the basic insecurity of SMTP etc.

That would be a good introduction on why you need approaches like greylisting. I leave that up to you how much time you have to prepare.

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

participants (2): Lawrence D'Oliveiro, Peter Reutemann