Reasonable settings for greyexp and whiteexp

Sh4d03 mlists at shadow-security.net
Tue Sep 11 07:42:37 PDT 2007


Jeremy C. Reed wrote:
> On Tue, 11 Sep 2007, Sh4d03 wrote:
>
>   
>> I've got spamd working on my FreeBSD pf gateway, however it seems there 
>> may be a few legit senders who are never becoming whitelisted (though 
>> most are).
>> Until just now my settings were:
>> passtime: 25
>> greyexp: 8
>> whiteexp: 36
>>
>> I've now just lowered the passtime to 10 and increased the greyexp to 12 
>> in the hope that I can eliminate the legitimate senders from failing to 
>> successfully transmit their messages. I was wondering what other people 
>> have configured for the above settings.
>>     
>
>
> I use: -G 20:6:864
> passtime = 20 minutes
> greyexp = 6 hours
> whiteexp = 864 hours (default)
>
> Your whiteexp is way too low. (That is hours not days.)
>
> You also need to take into consideration common MTAs' queue retry times. 
> Sendmail defaults usually have 30 minutes minimum time in queue before 
> retry (up to five days). Exim commonly will retry every 15 minutes for 
> first two hours, then increase the times between retries up to six hours 
> between until four days. While postfix (by default) will retry between 
> five minutes and 66 minutes up to five days (times between increasing).
>
>
>
>   Jeremy C. Reed
>
>
>
>   
Sorry, I made the conversion in my head when I wrote the E-mail. My 
whiteexp was and is 864, which equals 36 days (hence where the 36 came 
from).

-G 10:12:864
passtime = 10 minutes
greyexp = 12 hours
whiteexp = 864 hours (36 days)

I'll keep an eye on things and see if all is ok. I'm still concerned 
that there are too many legit senders not being whitelisted.

Also, after a change to the flags in rc.conf is 
/usr/local/etc/rc.d/obspamd restart sufficient for the changes to take 
effect or must I do a killall -HUP?


Thanks for your reply,

Sh4d03
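
The interaction between the -G values and sender retry times discussed in this thread, as an added example that is not part of either post: a simplified model of when a retrying sender gets whitelisted. The function names are hypothetical, the retry schedules are constructed from the descriptions above (not taken from any MTA's code), and the slow sender is an assumed case.

```python
def parse_g(flag):
    """Split a -G passtime:greyexp:whiteexp value; return all three in minutes.
    passtime is given in minutes, greyexp and whiteexp in hours."""
    passtime, greyexp, whiteexp = (int(x) for x in flag.split(":"))
    return passtime, greyexp * 60, whiteexp * 60

def whitelisted_at(flag, attempts):
    """Return the minute of the attempt that gets the sender whitelisted,
    or None if no attempt ever lands inside the window.
    attempts: sorted delivery attempt times, in minutes from the first try.
    Simplified model (assumption): a retry counts only if it arrives more
    than passtime after the grey entry was created and before greyexp has
    removed that entry; a retry after expiry starts a fresh grey entry."""
    passtime, greyexp, _ = parse_g(flag)
    first = None
    for t in attempts:
        if first is None or t - first >= greyexp:
            first = t            # new (or expired and recreated) grey entry
        elif t - first > passtime:
            return t             # retry inside the passtime..greyexp window
    return None

# Constructed retry schedules (minutes after the first attempt).
SCHEDULES = {
    "sendmail-like, every 30 min": [0, 30, 60, 90],
    "exim-like, every 15 min": [0, 15, 30, 45, 60],
    "postfix-like, growing gaps": [0, 5, 15, 35, 75, 141],
    "slow sender, every 10 h": [0, 600, 1200],   # assumed case
}

def compare(flags):
    """Map each -G value to {schedule name: whitelisting minute or None}."""
    return {f: {name: whitelisted_at(f, s) for name, s in SCHEDULES.items()}
            for f in flags}

if __name__ == "__main__":
    for flag, rows in compare(["25:8:864", "20:6:864", "10:12:864"]).items():
        print("-G", flag)
        for name, minute in rows.items():
            print("   %-28s %s" % (name, "never" if minute is None
                                   else "whitelisted at %d min" % minute))
```

In this model a sender whose retry interval is longer than greyexp never lands in the window, which is the case that raising greyexp addresses.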


More information about the freebsd-pf mailing list