On 2017-09-29, Peter N. M. Hansteen <peter@bsdly.net> wrote:
> On 09/29/17 15:06, Markus Rosjat wrote:
>
>> my boss is getting on my nerves that greylisting is basically out of
>> date because of things like outlook.com and mails ending up delayed for
>> ever. So the next logical step would be to deploy a tool like rspamd or
>> spamassassin to examine mail content. These tools need to be trained and
>> if you have a small mailserver with less accounts this could take a
>> while I imagine.
>
> It won't surprise anyone here that I disagree with the assertion that
> greylisting is in any way outdated. Come back with that assertion when
> the SMTP RFC is amended to drop the retry requirement.

These senders do retry, but not always from the same source address.
Are you aware of any requirement in RFC5321 about source addresses
of retries? I didn't find any when I looked (or even a requirement that
retries are done over the same IP protocol version).

Greylisting still has its place, but with the way email operates today,
exemptions are unavoidable if you have a requirement to communicate
reliably with users of many email services. Especially with a strict
per-host greylisting implementation, where you don't get any benefit
from the common thing where senders often arrange to retry from within
the same v4 /24.

What you can do with rspamd is only greylist mail that looks spammy
but isn't scored highly enough to block outright. (Or you could think
of that as making an exemption for mail that doesn't look too spammy).
This works quite well in my experience. Unfortunately it's a lot more
complex to configure than spamd, though once you start adding
scripts and trying to work out who to whitelist, the spamd setup
doesn't seem quite so straightforward either.

Most of the spam that reaches my mailbox is forwarded by a (high
IP reputation) host that sits behind spamd. (I'm looking at you,
Chinese state-owned enterprise trying to order a batch of fox
fur from my @openbsd address! And others.) That's a lot trickier
to block on my side without false positives..
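
The difference between strict per-host greylist keys and per-/24 keys discussed in the message above, as an added example that is not part of the original thread. It is a simplified model, not spamd's or rspamd's code; the class and function names, the addresses (documentation ranges) and the 25-minute pass time are assumptions.

```python
import ipaddress

class Greylist:
    """Minimal greylist keyed on (source network, sender, recipient)."""

    def __init__(self, v4_prefix=32, v6_prefix=128, passtime=25 * 60):
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.passtime = passtime   # seconds a tuple must wait before passing
        self.first_seen = {}       # tuple -> time of its first attempt

    def _key(self, ip, sender, rcpt):
        version = ipaddress.ip_address(ip).version
        # Mask the source address down to the configured prefix length.
        net = ipaddress.ip_network(f"{ip}/{self.prefix[version]}", strict=False)
        return (net, sender.lower(), rcpt.lower())

    def check(self, now, ip, sender, rcpt):
        """Return True to accept, False to answer with a temporary failure."""
        first = self.first_seen.setdefault(self._key(ip, sender, rcpt), now)
        return now - first >= self.passtime

def delivery_attempt(greylist, attempts, sender, rcpt):
    """Return the 1-based number of the accepted attempt, or None."""
    for n, (now, ip) in enumerate(attempts, start=1):
        if greylist.check(now, ip, sender, rcpt):
            return n
    return None

# Constructed retry schedules: (seconds since first attempt, source IP).
SAME_HOST = [(0, "192.0.2.10"), (1800, "192.0.2.10"), (3600, "192.0.2.10")]
SAME_SLASH24 = [(0, "192.0.2.10"), (1800, "192.0.2.77"), (3600, "192.0.2.140")]
SPREAD_POOL = [(0, "192.0.2.10"), (1800, "198.51.100.5"),
               (3600, "203.0.113.9"), (5400, "2001:db8::25")]

def compare(schedule):
    """(result with strict per-host keys, result with /24 and /64 keys)."""
    args = (schedule, "user@example.com", "me@example.org")
    return (delivery_attempt(Greylist(), *args),
            delivery_attempt(Greylist(v4_prefix=24, v6_prefix=64), *args))

if __name__ == "__main__":
    for name, sched in [("same host", SAME_HOST), ("same /24", SAME_SLASH24),
                        ("spread pool", SPREAD_POOL)]:
        print(name, compare(sched))
```

A sender retrying from one host passes either way, a pool inside one /24 passes only with the masked key, and a pool spread across networks and IP versions never passes with either key, which is the case that needs an exemption.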