OT: Greylisting and Yahoo Mailinglists

Chuck Swiger cswiger at mac.com
Wed Jan 16 09:48:22 PST 2008


On Jan 15, 2008, at 11:23 PM, Heiko Wundram (Beenic) wrote:
> On Tuesday, 15 January 2008 19:08:39, Chuck Swiger wrote:
>> You didn't mention which mailserver or greylist software you are
>> using, but the postgrey implementation (for use with Postfix) has
>> this in postgrey_whitelist_clients:
>>
>> # greylisting.org: Yahoo Groups servers (no retry)
>> scd.yahoo.com
>>
>> ...and you could choose to whitelist all of yahoo.com just as easily.
>
> I am using Postfix, but not postgrey, rather postfix-policyd, which
> does whitelisting of hosts based on IPs of the connecter.
> postfix-policyd comes with three blocks of IPs for the Yahoo Groups
> mailservers in the default whitelist, but none of the IPs I mentioned
> in my original mail falls into those groups.

OK.  I use policyd-weight also; it doesn't greylist entries precisely,
but instead does RBL lookups and some checking of forward and reverse
DNS lookups, and then caches those results for a while.  It will do a
good job of rejecting people claiming to send mail from a Yahoo
account if they do not use a mailserver in the yahoo.com domain:

Jan 16 03:21:52 <mail.info> pi postfix/smtpd[47289]: connect from unknown[201.210.144.157]
Jan 16 03:21:54 <mail.info> pi postfix/policyd-weight[4912]: decided action=450 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; delay: 0s
Jan 16 03:21:54 <mail.info> pi postfix/smtpd[47289]: NOQUEUE: reject: RCPT from unknown[201.210.144.157]: 450 <bluefire at codefab.com>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<tequila301 at yahoo.com> to=<bluefire at codefab.com> proto=ESMTP helo=<dC9D2909D.dslam-13-9-34-06-2-02.alf.dsl.cantv.net>
Jan 16 03:21:55 <mail.info> pi postfix/smtpd[47289]: lost connection after DATA from unknown[201.210.144.157]

...but almost always, this is forged email being sent as spam to  
accounts which don't exist in my local domain, so it seems to be doing  
the right thing here.

> Sorry for underspecifying my requirements, but that's the reason I
> was asking specifically. I knew about the postgrey whitelist entry
> you mentioned.

Right.  Well, if you have some sample log lines from a known legit  
sender which were being blocked, that would be helpful...

-- 
-Chuck
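
Added example, not part of the original message: one way to pull the kind of sample log lines requested above out of a Postfix log, listing "NOQUEUE: reject" entries for one sender domain and marking whether the connecting client's hostname is inside that domain. The function names, the sample log lines and the example.com/example.net addresses are constructed for illustration; real logs carry "@" in addresses, which this archive rewrites as " at ".

```python
import re

# Matches Postfix smtpd "NOQUEUE: reject" lines like the one quoted above.
REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) .*? from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)

def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def rejected_for(lines, sender_domain):
    """Return rejects whose envelope sender is in sender_domain, each tagged
    with whether the connecting client's hostname is in that domain."""
    hits = []
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # connect/disconnect and policy-daemon lines
        if not in_domain(m["sender"].rpartition("@")[2], sender_domain):
            continue
        rec = m.groupdict()
        # Postfix logs "unknown" when the client IP has no PTR record or the
        # name does not resolve back to the IP, so such clients never match.
        rec["client_in_domain"] = in_domain(m["host"], sender_domain)
        hits.append(rec)
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "Jan 16 03:21:52 mx postfix/smtpd[101]: connect from unknown[192.0.2.10]",
    "Jan 16 03:21:54 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.10]: 450 <user@example.net>: Recipient address rejected: "
    "temporarily blocked; from=<alice@example.com> to=<user@example.net> "
    "proto=ESMTP helo=<dsl-host.example.org>",
    "Jan 16 03:25:01 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from "
    "n7.grp.example.com[198.51.100.7]: 450 <user@example.net>: Recipient "
    "address rejected: Greylisted; from=<list-bounce@returns.example.com> "
    "to=<user@example.net> proto=ESMTP helo=<n7.grp.example.com>",
]

if __name__ == "__main__":
    for r in rejected_for(SAMPLE, "example.com"):
        tag = "in-domain client" if r["client_in_domain"] else "outside domain"
        print(r["ip"], r["host"], r["sender"], r["code"], tag)
```

Entries marked as in-domain clients are the ones worth checking against the whitelist, since they show a host inside the sender's domain being deferred.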



More information about the freebsd-questions mailing list