Friday, September 29, 2017

Re: the whole greylisting, spam filtering thing

On 09/29/17 15:06, Markus Rosjat wrote:

> my boss is getting on my nerves that greylisting is basically out of
> date because of things like outlook.com and mails ending up delayed for
> ever. So the next logical step would be to deploy a tool like rspamd or
> spamassassin to examine mail content. These tools need to be trained and
> if you have a small mailserver with less accounts this could take a
> while I imagine.

It won't surprise anyone here that I disagree with the assertion that
greylisting is in any way outdated. Come back with that assertion when
the SMTP RFC is amended to drop the retry requirement.

But there are actors in the email market that do not particularly care
about standards compliance one way or the other, unfortunately (at least
for those of us below critical mass in terms of volume) is to use the
nospamd feature and not exposing those sending domains to greylisting at
all. My sedimentary nospamd file, built on discovering SPF info for
badly behaved domains, is available here
https://home.nuug.no/~peter/nospamd - I only started commenting entries
after a while, but it's a Works for me(tm) file. See man spamd for
examples of how to include that in your config. If you want to build and
maintain your own nospamd based on SPF records, Aaron Poffenberger's
spf_fetch is very well worth looking into (see
https://github.com/akpoff/spf_fetch)

> So my question is, is there some source that you could use to train
> these kind of tools (like a database that you could connect to for
> training content) or is every one here, that uses these tools, lucky
> enough to have a shit load of users that do the training for your systems?

Yes, you need content filtering too. As others have said, you won't be
able to totally avoid the training effort based on local preferences,
but with working greylisting in front of the content filtering, those
servers will run a lot cooler than without.

I suppose my long rant from a few years back is still relevant -
https://bsdly.blogspot.no/2014/02/effective-spam-and-malware.html, for
the fun parts of doing greytrapping see
https://bsdly.blogspot.no/2013/05/keep-smiling-waste-spammers-time.html
and
https://bsdly.blogspot.no/2013/04/maintaining-publicly-available.html
and of course
https://bsdly.blogspot.no/2012/05/in-name-of-sane-email-setting-up-spamd.html
might still be of some use.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
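
An added example, not part of the original message and not code from spf_fetch: one way to turn a domain's SPF records into nospamd table entries, run offline against constructed TXT records. `expand_spf`, `nospamd_lines`, `SAMPLE_TXT` and the `*.example` domains are hypothetical; a real run would pass a DNS-backed `lookup` function instead.

```python
import ipaddress
import re

MAX_LOOKUPS = 10  # RFC 7208 cap on DNS-querying terms per SPF evaluation
TERM = re.compile(r"\+?(ip4|ip6|include|redirect)[:=](\S+)$", re.I)
# Constructed TXT records standing in for live DNS answers (placeholder names).
SAMPLE_TXT = {
    "bigmail.example": "v=spf1 include:_a.bigmail.example include:_b.bigmail.example mx ~all",
    "_a.bigmail.example": "v=spf1 ip4:192.0.2.0/25 ip4:192.0.2.128/25 ip4:198.51.100.17 ~all",
    "_b.bigmail.example": "v=spf1 ip6:2001:db8:40::/48 -ip4:203.0.113.9 include:_a.bigmail.example ~all",
}

def expand_spf(domain, lookup):
    """Return (networks, skipped) for domain, following include: and redirect=."""
    nets, skipped, seen, queue = set(), [], set(), [domain.lower()]
    while queue:
        name = queue.pop(0)
        if name in seen:
            continue  # include loops and repeated includes are visited once
        seen.add(name)
        if len(seen) - 1 > MAX_LOOKUPS:
            raise ValueError(f"{domain}: more than {MAX_LOOKUPS} SPF lookups")
        record = lookup(name) or ""
        if not record.lower().startswith("v=spf1"):
            skipped.append(f"{name} (no SPF record)")
            continue
        for term in record.split()[1:]:
            m = TERM.match(term)
            if not m:
                if term[0] not in "-~?":  # non-pass terms never name permitted senders
                    skipped.append(f"{name}: {term}")  # a, mx, exists, ptr need more DNS
                continue
            kind, value = m.group(1).lower(), m.group(2)
            if kind in ("include", "redirect"):
                queue.append(value.lower())
                continue
            try:
                nets.add(ipaddress.ip_network(value, strict=False))
            except ValueError:
                skipped.append(f"{name}: {term}")
    return nets, skipped

def nospamd_lines(domain, lookup=SAMPLE_TXT.get):
    """Render as pf table-file lines: '#' comments, one address or CIDR per line."""
    nets, skipped = expand_spf(domain, lookup)
    lines = [f"# {domain} (from SPF)"] + [f"# not expanded: {s}" for s in skipped]
    for version in (4, 6):  # collapse_addresses cannot mix address families
        lines += map(str, ipaddress.collapse_addresses(n for n in nets if n.version == version))
    return lines
```

Terms that cannot be resolved without further DNS queries are written out as comments rather than dropped, so the gaps in the resulting table stay visible when the file is reviewed.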
