18 Feb
2014
18 Feb
'14
11:22 a.m.
On Sun, Feb 16, 2014 at 11:45:20PM +0000, Ian wrote:
ed said:
I used greylisting for a while, but I found too many false positives
(for me) with sites that are "legit" but don't work with it. Generally
it seemed to be situations like big sites that would retry from one of a
cluster of MTA boxes.
Do you have any problems? Maybe the world has improved since I last
tried it.
Michael
Alternatively, you could try greylising, 4xx the
sending mail server IP
for thirty minutes on the first mail seen from it, then allow it. Often
this helps as most exploited spam sources don't queue.
Greylisting is my solution. So little gets past it that I don't bother
with spamassassin. Occasionally, a handful come via a spammer who does
follow RFCs, but Thunderbird's spam filtering gets them.
postgrey is the package if you're using Postfix on Debian. New sources
are told 'not yet' for - I think - ten minutes. If they try again after
that, they get through. But the logfiles are full of spambots that don't
bother.
I'm very grateful that not everyone does it.