IRC Archive / Freenode / #exim / 2015 / September / 14 / 1
genkgo
i found https://github.com/Exim/exim/wiki/FastGrayListMiniTutorial and want to use it. the article is from 2012 and was wondering if it is still best practice to setup greylisting
or maybe i should use http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/exim-greylisting.html
do you have any advice on best practice for greylisting?
henk
If you really want to do it, do it selectively. I find greylisting annoying as hell, especially when it happens for no real reason and indiscriminately.
it also does not help against spam sent via hacked accounts on legitimate servers, only against really stupid spambots which are usually only running on badly maintained windows clients.
jgh_
tbf there are plenty of them about. Defense in depth...
rjek
henk: Which would be the majority of them...
One trick is to not greylist things that pass SPF
Because if they got that right, they're going to retry anyway
hs12
genkgo: http://www.schlittermann.de/doc/grey.shtml describes a Perl extension for Exim to do the Greylisting. We do greylist messages that do not exceed a magic message size. It seems to satisfy all users :)
henk
true, but does it take greylisting to get rid of those? They are stupid so AFAICT a few well-placed delays here and there in the smtp dialog already throw them off …
genkgo
henk: we are using rspamd, and it is really good at filtering. i just want to greylist the message rspamd says that should be greylisted
henk: and yes, it is to stop annoying bots
hs12
Big messages are no spam usually, but big messages are "important" and need to be transported immediately (because the more important the sender or recipient feels itself, the bigger the messages are... ) People that know how Internet Mail works send smaller messages, and they're more patient.
henk
genkgo: rspamd says a message should be greylisted? That sounds a bit strange … Is that what happens when it can't definitively decide whether a message is spam or not?
genkgo
henk: yes, especially when a domain is from 03437.com etc
*when a message is from 93475.com
henk
interesting, thanks
genkgo
and that domain does not exist
so a lookup fails
but the message does not score high enough to be rejected immediately, or to be marked as probably spam (so it goes to the junk folder).
so, it is marked as greylisted
henk
genkgo: you could have exim verify the sender address instead …
genkgo
henk: what do you mean by that?
henk
verify = sender, look it up in the docs. basically runs the sender address through routers to see whether a bounce could be routed and if that turns out to be impossible, fails.
I'm not sure why rspamd would not see a mail from an inexistent domain as spam, it's rather obvious IMHO …
genkgo
henk: that is what i would think too
henk
so it seems your statement "it is really good at filtering" is not so true after all …
(;
rjek
One of the first tests I do at MAIL FROM is "can I resolve this?"
Nope. DENIED.
genkgo
rjek: Agreed. I will return to #rspamd and discuss it.
henk: if i understand you well, then you are saying that i should avoid greylisting, right?
henk
genkgo: well, no, not really … I don't like it, but that's just personal preference. IMHO, if you really want it, you should make sure to exhaust all other anti-spam measures and even then only greylist stuff that is not quite dubious enough to reject right away, i.e. be selective who or what you greylist.
bjornar
is the exim users list manually filtered?
I sent a mail yesterday, and it has still not shown up, and no bounces.
jgh_
I think new senders go via a moderator
genkgo
henk: thanks for the feedback, i will take it into account!
henk
genkgo: I'm not convinced that greylisting actually helps. I have not seen any statistics, analysis, or report confirm the effectiveness of greylisting yet, at least none that are without ambiguity. I run setups that deal pretty good with spam without using greylisting, but maybe greylisting would even make that more effective. I have not tried yet …
rjek
Greylisting sods off a lot of obvious spam that doesn't get caught by DNS blocklists and *would* probably get caught by the likes of SA, but is computationally much less expensive.
Anyway, it's up to my customers if they want to greylist. There's a tick box and they can control the window size.
genkgo
rjek: within #rspamd it is the general feeling that sender verification is the responsibility of the mta, i think i agree with that
rjek
Yes, it's a cheap and simple test
Might as well be done long before an expensive content processing step happens
genkgo
rjek: it is as simple as "require verify = sender", right?
rjek
Sender verification bothers possibly innocent mail servers, and also some people are crap and send legit mail from email addresses that don't work
jgh_
"bothers", only for verify-with-callout
rjek
nod
jgh_
and I personally have little sympathy with the latter
rjek
jgh_: Sympathy for people doing the callouts, or for people receiving them?
jgh_
no, the "some people are crap"
rjek
heh
genkgo
rjek: what would you advise "require verify = sender" or examples from https://github.com/Exim/exim/wiki/Verification?
rjek
(Action) distances himself from any recommendations :)
genkgo
hehe :)
rjek
verify = reverse_host_lookup looks to be a good first step though, no?
genkgo
rjek: is that more in line with postel's law? liberal in its receiving behavior?
is it less strict than verify = sender?
rjek
If you want to reduce the amount of perfectly legitimate mail you receive, try using GNU SAUCE.
jgh_
Postel's law died with Canter & Siegel
genkgo
rjek: i am a little reluctant to change my config on a production server, but `require verify = reverse_host_lookup` seems good to me
henk
genkgo: it isn't.
genkgo
henk: since i am going to change a production environment i want to change with minor steps
jgh_
use "warn logwrite=POINT_A" for development before actual rejects...
genkgo
henk: so what would be the smallest step in this case?
henk
genkgo: Too many legitimate servers have "incorrect" reverse dns while it is "correct" for a lot of dialup connections. There is also absolutely no reason why matching forward and reverse dns should have any influence on mail. Also read http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/dns-avoid-double-reverse.html about that. It doesn't make any sense to reject mail or connection based only on
"mismatching" dns/rdns. I make the lookup, but the only consequence of it not matching is a small delay.
genkgo
henk: so you are saying i should not reject messages that are coming from domains that have no reverse dns lookups?
henk
yes
well, to be exact: no, but almost. I'm saying you should not reject for that reason. If you have good reasons to, feel free to reject.
genkgo
henk: then, my central question is: how to reject messages coming from inexistent domains?
then maybe, greylisting is not a bad idea after all
henk
see above, I told you that about an hour ago …
11:25:51 henk | verify = sender, look it up in the docs. basically runs the sender address …
genkgo
henk: ok, but rjek pointed me in the direction of reverse_host_lookup. i guess i now have explored both opportunities and should go for "require verify = sender"
henk: thanks for your help
much appreciated
i just activated the setting
see what happens
bjornar
Could anyone with moderator permission on exim-users please accept my "couple questions.." mail?
henk
is that the complete subject?
bjornar
no, let's see
Couple questions about bounces/autorelies and expansions (redirect data)
(now see I have a typo in there, is it that strong moderation? ;)
henk, ?
henk
bjornar: yes?
bjornar
henk, did you see my email, or is it lost somewhere?
henk
bjornar: no, I did not, and I have no idea where it is. I don't have access to the relevant systems …
hs12
bjornar: try sending me a message
(Action) misunderstood something
danols_home
Hello all, does exim support handling + in email addresses to redirect to IMAP folder ? example foo+hello@domain.com will route to users 'hello' IMAP folder
jgh_
yes; local_part_prefix option on a router
http://exim.org/exim-html-current/doc/html/spec_html/ch-generic_options_for_routers.html
danols_home
hi jgh_ that's great, i would have to add a router config ?
(I'm on Debian with separate config setup)
jgh_
depends what you already have. deb may even have a tickbox for it in their configurator system
if no, it'll be an addition to whatever router does the handling for the mails you're interested in
danols_home
ok, this might be above me
I have it setup and emails foo+bar@domain.com work but they get put in the inbox folder
jgh_
ah, sorry; thought that was what you wanted. You want foldername+username@domain ?