Greylist and gmail

Greylisting Solutions

I had to disable greylistd as well for exactly the same problem.

I still haven't worked out how to get a complete list of IPs from the subnet mask taken from the Google SPF record.

With that, a whitelist should be the solution (just with Google for now).

Regards

There is more than one greylisting solution. I use Policyd (http://www.policyd.org/); it does allow the use of CIDR notation. It also combines other anti-spam methods, like SPF record checks and HELO/EHLO checks. I am also familiar with this problem; I had to add a bunch of exceptions for hotmail so I could get some important mail delivered. Large mail server farms working in round robin don't bode well for greylisting (although these providers use greylisting on their end). Managing whitelists is becoming an important issue, and extracting information from SPF records is a good start. I would have hoped that the admins of these server farms would realise these issues and make it easier for other admins to get the lists of their genuine outgoing servers.

If you don't want to use another solution, there are easy ways (including a bunch of online solutions) to take a CIDR and turn it into an exhaustive list of the IP addresses in the range, although this would probably make for a nightmare of a list to manage.

Hope this is of help

--
Nikolai
 
I use nolisting and it appears to cut down on spam, though we don't check, as we implement greylisting by pointing mx0 (with a cost of 0) to an IP which simply doesn't have anything running on port 25.

Jeff
 
I use a 24-bit mask for ALL IP-addresses. This makes the filter a bit less accurate, but it will help gmail-like multiple mailservers to get through. The code is like this:

# GREYLIST
# EDIT: Uncomment the section below if you've installed greylistd on your
# server. Note that this section should NOT be uncommented unless
# greylistd is installed on your server.

defer message = $sender_host_address is nog niet geauthoriseerd om mail te sturen \
                van <$sender_address> naar <$local_part@$domain>. \
                Probeer het later nog eens.
      log_message = greylisted.
      !hosts = +relay_hosts : \
               ${if exists {/etc/greylistd/whitelist-hosts}\
                           {/etc/greylistd/whitelist-hosts}{}} : \
               ${if exists {/var/lib/greylistd/whitelist-hosts}\
                           {/var/lib/greylistd/whitelist-hosts}{}}
      domains = +relay_domains
      !senders = : postmaster@*
      # Reduce the sending host to its /24 network and strip the "/24" suffix,
      # so every server in the same /24 shares one greylist triplet.
      set acl_m4 = ${mask:$sender_host_address/24}
      set acl_m5 = ${sg{$acl_m4}{/24}{}}
      # Ask greylistd about the triplet (masked address, sender, recipient).
      set acl_m6 = $acl_m5 $sender_address $local_part@$domain
      set acl_m6 = ${readsocket{/var/run/greylistd/socket}{$acl_m6}{5s}{}{false}}
      condition = ${if eq {$acl_m6}{grey}{true}{false}}
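
Added example, not code from any poster in this thread: a Python sketch of the two ideas discussed above, collecting CIDR ranges from a provider's SPF records (following include:) for a whitelist, and deriving the /24 greylist key that the ACL builds for IPv4. The SPF records, domain names and function names are constructed for illustration; a real run would replace the lookup with DNS TXT queries.

```python
import ipaddress

# Constructed SPF TXT records using documentation ranges, not real provider data.
SAMPLE_TXT = {
    "example.com": "v=spf1 include:_spf.example.com ip4:192.0.2.10 ~all",
    "_spf.example.com": "v=spf1 include:_netblocks.example.com ip6:2001:db8::/32 ?all",
    "_netblocks.example.com":
        "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.0/25 ip4:203.0.113.128/25 ~all",
}

def spf_networks(domain, lookup=SAMPLE_TXT.get, seen=None):
    """Collect ip4:/ip6: networks from a domain's SPF record, following include:."""
    seen = set() if seen is None else seen
    if domain in seen or len(seen) >= 10:   # loop guard; RFC 7208 caps lookups at 10
        return []
    seen.add(domain)
    record = lookup(domain) or ""
    if not record.lower().startswith("v=spf1"):
        return []
    nets = []
    for term in record.split()[1:]:
        term = term.lstrip("+")             # "+" is the default (pass) qualifier
        if term[:1] in "-~?":               # fail/softfail/neutral terms name no senders
            continue
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6") and value:
            nets.append(ipaddress.ip_network(value, strict=False))
        elif name == "include" and value:
            nets.extend(spf_networks(value, lookup, seen))
    return nets

def whitelist_lines(domain, lookup=SAMPLE_TXT.get):
    """CIDR entries for a whitelist file, with adjacent or overlapping ranges merged."""
    nets = spf_networks(domain, lookup)
    out = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        out += [str(n) for n in ipaddress.collapse_addresses(same)]
    return out

def greylist_key(host):
    """IPv4 only: the value the ${mask:...}/${sg...} pair in the ACL yields."""
    return str(ipaddress.ip_network(f"{host}/24", strict=False).network_address)

if __name__ == "__main__":
    print("\n".join(whitelist_lines("example.com")))
    print(greylist_key("198.51.100.77"))
```

The printed CIDR lines can go into the whitelist-hosts file the ACL above references, since Exim host lists accept entries in CIDR notation, so no per-address expansion is needed.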
 