pfspamd greylisting stuttering at everything
Michael W. Lucas
mwlucas at blackhelicopters.org
Thu Oct 26 16:02:38 UTC 2006
On Mon, Oct 23, 2006 at 08:20:32AM +0200, Peter N. M. Hansteen wrote:
> > I'm set up just like the man page, but every incoming connection is
> > being stuttered at. This plays havoc with incoming legit mail, of
> > course, and I've been forced to fall back on older antispam tools.
>
> Are you sure you are actually seeing stuttering, not just the
> greylisting database getting (slowly) initialized?

[sorry for the delay answering, I needed to spend some quality time
with my mailserver to answer this thoroughly.]

Well, if I manually telnet to port 25 from any machine, I get about
one character a second. And I get taunted. I don't think that's the
innocuous 451 error mentioned in the manual.

> You should expect a 'silent period' while the machines which are
> trying to send you mail prove their good intentions to your
> greylister. The point of greylisting, after all, is to force
> correspondents to retry 'within a reasonable time'. The lower
> threshold for 'reasonable' is set with the first of the -G arguments
> to spamd. The other factor is how long the correspondent takes to
> actually retry, which depends on a number of other factors you really
> can't influence much, such as the size of that server's outgoing
> queue.

I've let it run for three hours this morning.

Before starting pfspamd today, I checked my spamdb. spamdb listed 12
entries. After 3 hours, spamdb listed the same 12 entries. My spamd
logs to /var/log/spam, which has many interesting entries in it:

Oct 26 11:18:31 bewilderbeast spamd[731]: (GREY) 216.136.204.119: <owner-doc-committers at FreeBSD.org> -> <mwlucas at blackhelicopters.org>
Oct 26 11:18:40 bewilderbeast spamd[731]: 204.127.192.84: connected (12/1)
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: From: Leila Wood <uzzfnh at fantasy-heaven.de>
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: To: mwlucas at blackhelicopters.org
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Subject: caustic assent
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: This is a multi-part message in MIME format.
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: --------------060605040706020008040508
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Type: text/html; charset=ISO-8859-1
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: Content-Transfer-Encoding: 7bit
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <html>
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <head>
Oct 26 11:18:47 bewilderbeast spamd[731]: 89.110.7.178: Body: <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
Oct 26 11:19:13 bewilderbeast spamd[731]: 204.152.190.11: disconnected after 390 seconds.
Oct 26 11:19:15 bewilderbeast spamd[731]: 12.130.136.42: disconnected after 390 seconds.
Oct 26 11:19:34 bewilderbeast spamd[731]: 89.110.7.178: disconnected after 390 seconds.
Oct 26 11:19:48 bewilderbeast spamd[731]: 200.52.66.237: connected (10/1)

So, bad stuff is making it there.

Good stuff is as well, though. I sent an email from work to test the
setup:

bewilderbeast~;grep gkn /var/log/spamd
Oct 26 11:33:59 bewilderbeast spamd[4622]: (GREY) 194.76.60.27: <Michael.Lucas at gkndriveline.com> -> <mwlucas at blackhelicopters.org>
Oct 26 11:35:42 bewilderbeast spamd[4622]: 194.76.60.27: From: "Michael Lucas \(DL\)" <Michael.Lucas at gkndriveline.com>
Oct 26 11:35:42 bewilderbeast spamd[4622]: 194.76.60.27: Body: michael.lucas at gkndriveline.com
Oct 26 11:41:50 bewilderbeast spamd[4622]: (GREY) 194.76.60.27: <Michael.Lucas at gkndriveline.com> -> <mwlucas at blackhelicopters.org>
Oct 26 11:43:33 bewilderbeast spamd[4622]: 194.76.60.27: From: "Michael Lucas \(DL\)" <Michael.Lucas at gkndriveline.com>
Oct 26 11:43:33 bewilderbeast spamd[4622]: 194.76.60.27: Body: michael.lucas at gkndriveline.com

Ten minute delay between the first and last attempt.

I'm running spamd as below:

pfspamd_flags="-v -G7:4:864 -r451"

This tells me that after seven minutes, the next attempt should be
graylisted and handed to my mail server.

bewilderbeast~;grep gkn /var/log/maillog
bewilderbeast~;

Nothing.

bewilderbeast~;spamdb | grep gkn
bewilderbeast~;

Nothing again.

> I would give the initial database buildup a few hours at least. If
> you're impatient and you have a few addresses which you consider
> 'known good', you could whitelist them using
>
> # spamdb -a nnn.nnn.nnn.nnn

I'd rather avoid whitelisting manually, except perhaps my home IP,
until I know greylisting works on its own.

> see spamdb(8) for details. I suppose that man page could do with a
> bit more text.

All of spamd could use some documentation, but that'll happen. ;-)

> PS My favorite quote about spamd and greylisting at the moment is this
> recent message to openbsd-misc:
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=116136841831550&w=2

That's what inspired me to try this.

Thanks for your help, it's nice to know I'm not missing anything
really obvious.

==ml
--
Michael W. Lucas mwlucas at FreeBSD.org,mwlucas at BlackHelicopters.org
http://www.BlackHelicopters.org/~mwlucas/
Latest book: PGP & GPG -- http://www.pgpandgpg.com
"The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur
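
An added example, not part of the original message or of spamd: a small Python script that groups the "(GREY)" lines from a verbose spamd log by connection tuple and reports whether any retry arrived at or after the passtime given as the first field of -G (minutes). The sample lines, addresses and the year default are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the "(GREY) ip: <from> -> <to>" lines that spamd -v sends to syslog.
GREY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ spamd\[\d+\]: "
    r"\(GREY\) (?P<ip>\S+): <(?P<frm>[^>]*)> -> <(?P<to>[^>]*)>"
)

def passtime_minutes(g_arg):
    """Return the first field of a -G passtime:greyexp:whiteexp value."""
    return int(g_arg.split(":")[0])

def grey_retries(lines, passtime_min, year=2006):
    """Group GREY entries by (ip, from, to) and measure gaps from first sighting.

    Syslog timestamps carry no year, so `year` is an assumption of this example.
    """
    seen = defaultdict(list)
    for line in lines:
        m = GREY_RE.match(line)
        if not m:
            continue  # header/body dumps and connect/disconnect lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["ip"], m["frm"].lower(), m["to"].lower())].append(ts)
    report = {}
    for tup, stamps in seen.items():
        stamps.sort()
        gaps = [int((t - stamps[0]).total_seconds()) for t in stamps[1:]]
        report[tup] = {
            "attempts": len(stamps),
            "gaps_s": gaps,
            "retry_after_passtime": any(g >= passtime_min * 60 for g in gaps),
        }
    return report

# Constructed sample lines in the log format shown in the message.
SAMPLE = [
    "Oct 26 11:33:59 mx spamd[4622]: (GREY) 192.0.2.27: <alice@example.com> -> <bob@example.org>",
    "Oct 26 11:35:42 mx spamd[4622]: 192.0.2.27: From: alice@example.com",
    "Oct 26 11:41:50 mx spamd[4622]: (GREY) 192.0.2.27: <alice@example.com> -> <bob@example.org>",
    "Oct 26 11:18:31 mx spamd[4622]: (GREY) 198.51.100.9: <list@example.net> -> <bob@example.org>",
    "Oct 26 11:20:31 mx spamd[4622]: (GREY) 198.51.100.9: <list@example.net> -> <bob@example.org>",
]

if __name__ == "__main__":
    for tup, info in grey_retries(SAMPLE, passtime_minutes("7:4:864")).items():
        print(tup, info)
```

A tuple that shows a retry past passtime in this report but never appears in spamdb output points the investigation at the database and whitelist update rather than at the sender's retry schedule.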

More information about the freebsd-questions mailing list