Milter-greylist

Has anyone done anything with doing greylisting only during certain 
times of the day?

We really like the greylisting idea, but have come across too many 
poorly configured or implemented servers that wait much more than the 
time suggested.  Some of them are waiting up to 6 hours apparently.  
During the day, this just isn't going to work for us -- we can't have 
mail for employees being delayed that long (even just once).

However, a significant portion of the spam that we get seems to come 
in the off-hours.  Therefore, I think that, for us, a good option 
might be to greylist only from, say, 7pm until 6am -- and then do no 
greylisting during normal business hours.

Is anyone doing anything like this?  I'd really like to see something 
like this in the greylist configuration -- but, as a temporary 
workaround method, it should work just to do cron jobs to start and 
stop the milter, correct?  With the milter stopped, sendmail will 
just process the mail normally, correct?

 - John...

Why not just list the 'problem servers' in /etc/mail/greylist.conf, like 
other ISP servers with similar issues?

I do think that time based would have a useful place, though.

Eric

On Fri, 27 May 2005, John Goggan wrote:

> Date: Fri, 27 May 2005 15:49:46 -0000
> From: John Goggan <jgoggan@...>
> Reply-To: milter-greylist@yahoogroups.com
> To: milter-greylist@yahoogroups.com
> Subject: [milter-greylist] Time-based greylisting?
> 
> Has anyone done anything with doing greylisting only during certain
> times of the day?
>
> We really like the greylisting idea, but have come across too many
> poorly configured or implemented servers that wait much more than the
> time suggested.  Some of them are waiting up to 6 hours apparently.
> During the day, this just isn't going to work for us -- we can't have
> mail for employees being delayed that long (even just once).
>
> However, a significant portion of the spam that we get seems to come
> in the off-hours.  Therefore, I think that, for us, a good option
> might be to greylist only from, say, 7pm until 6am -- and then do no
> greylisting during normal business hours.
>
> Is anyone doing anything like this?  I'd really like to see something
> like this in the greylist configuration -- but, as a temporary
> workaround method, it should work just to do cron jobs to start and
> stop the milter, correct?  With the milter stopped, sendmail will
> just process the mail normally, correct?
>
> - John...
>
>
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>

On Friday, May 27th 2005 at 15:49 -0000, quoth John Goggan:

=>Has anyone done anything with doing greylisting only during certain 
=>times of the day?
=>

This may be silly, but why not use a cron job to just shut the milter off?

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net

Eric J. Wisti wrote:
> Why not just list the 'problem servers' in /etc/mail/greylist.conf, like 
> other ISP servers with similar issues?

Because I'm finding them on a regular basis.  These are not "previously known" 
senders.  These are people that may be emailing our employees for the first or 
second time ever.  And getting 6 hour delays -- which isn't going to work for 
us.  Therefore, excluding the servers is not really an option since I won't 
have seen the server to know about the problem until it is too late.

> I do think that time based would have a useful place, though.

Agreed.  :)

  - John...

Steven W. Orr wrote:
> On Friday, May 27th 2005 at 15:49 -0000, quoth John Goggan:
> 
> =>Has anyone done anything with doing greylisting only during certain 
> =>times of the day?
> 
> This may be silly, but why not use a cron job to just shut the milter off?

This may be silly, but I suggested exactly that slightly further down in my 
message.  Specifically, it read:

"...as a temporary workaround method, it should work just to do cron jobs to 
start and stop the milter, correct?  With the milter stopped, sendmail will 
just process the mail normally, correct?"

Thanks though!  :)

  - John...

On Friday, May 27th 2005 at 14:46 -0400, quoth John Goggan:

=>
=>Steven W. Orr wrote:
=>> On Friday, May 27th 2005 at 15:49 -0000, quoth John Goggan:
=>> 
=>> =>Has anyone done anything with doing greylisting only during certain 
=>> =>times of the day?
=>> 
=>> This may be silly, but why not use a cron job to just shut the milter off?
=>
=>This may be silly, but I suggested exactly that slightly further down in my 
=>message.  Specifically, it read:
=>
=>"...as a temporary workaround method, it should work just to do cron jobs to 
=>start and stop the milter, correct?  With the milter stopped, sendmail will 
=>just process the mail normally, correct?"
=>
=>Thanks though!  :)
=>
=>  - John...

Actually you can do better with the cronjob. Have two sendmail.cf files. 
One that came from an mc with the milter and one that came from the mc 
file without the milter. Then the cronjob doesn't have to start and stop 
the milter, it just does a kill -1 to the pidof sendmail

kill -1 $(pidof sendmail | awk '{print $1}')

Does that make it more attractive?

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net

Continuing the "this might sound silly"-theme:

Why not use cron to rotate the greylist.conf and restart the milter?
(will HUP be enough? I don't know).

(Remember to use different dump files, unless you want the greylisting
from the night to affect the day and vice versa.)

That way you can greylist special (unfriendly) networks, etc. also at
work time.


    Elrond

John Goggan <jgoggan@...> wrote:

> Is anyone doing anything like this?  I'd really like to see something
> like this in the greylist configuration -- but, as a temporary 
> workaround method, it should work just to do cron jobs to start and 
> stop the milter, correct?  With the milter stopped, sendmail will 
> just process the mail normally, correct?

Yes, that will work. You can even stop sendmail at night, that will
produce the same result.

-- 
Emmanuel Dreyfus
Un bouquin en français sur BSD:
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
manu@...

manu@... wrote:
> John Goggan <jgoggan@...> wrote:
>>Is anyone doing anything like this?  I'd really like to see something
>>like this in the greylist configuration -- but, as a temporary 
>>workaround method, it should work just to do cron jobs to start and 
>>stop the milter, correct?  With the milter stopped, sendmail will 
>>just process the mail normally, correct?
> 
> Yes, that will work. You can even stop sendmail at night, that will
> produce the same result.

I'm confused what you mean by that.  How would stopping sendmail at night 
produce the same result?

  - John...

John Goggan <jgoggan@...> wrote:

> > Yes, that will work. You can even stop sendmail at night, that will
> > produce the same result. 
> I'm confused what you mean by that.  How would stopping sendmail at night
> produce the same result?

Run sendmail without milter-greylist during the day, no mail will be
delayed. Shut down sendmail at night, and you'll refuse all the mail
coming from spam engines that don't retry sending. 

-- 
Emmanuel Dreyfus
Un bouquin en français sur BSD:
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
manu@...

manu@... wrote:
> John Goggan <jgoggan@...> wrote:
> 
> 
>>>Yes, that will work. You can even stop sendmail at night, that will
>>>produce the same result. 
>>
>>I'm confused what you mean by that.  How would stopping sendmail at night
>>produce the same result?
> 
> Run sendmail without milter-greylist during the day, no mail will be
> delayed. Shut down sendmail at night, and you'll refuse all the mail
> coming from spam engines that don't retry sending. 

Yes, but that is not at all "the same result" as running sendmail with the 
milter-greylist all night.

In fact, I'm not sure if you are making a joke with me and being sarcastic or 
I'm just missing something.  Isn't your suggestion basically not using the 
greylist EVER?  You are suggesting sendmail during the day without the 
greylist and nothing at night.  So -- when would I be using the greylist at all?

  - John...

John Goggan wrote:

> In fact, I'm not sure if you are making a joke with me and being sarcastic or 
> I'm just missing something.  Isn't your suggestion basically not using the 
> greylist EVER?  You are suggesting sendmail during the day without the 
> greylist and nothing at night.  So -- when would I be using the greylist at all?
> 

I think he's being sarcastic.  Create two greylist.conf files, one for 
normal greylisting and one with "acl whitelist default" at the very top. 
   Use a cron job to rotate them at the appropriate times of day.  The 
milter will detect the change and change its behavior.  It's cleaner 
than mucking with the sendmail configuration.

-- 

    Steve

This all seems to going messy.  John, having read what's come through on
this thread, it seems that there two
options available to you.
 
1. Stop sendmail from running at night (as below).  Because sendmail is not
running some of the spam originators will time out after
trying so many times to send the mail.  Of course the flaw with this is that
you can't send email either and it also means that legitimate mail can also
time out and not be received.
 
2. As suggested earlier in the thread create another sendmail.cf file
without the milter-greylisting options in it say sendmail.nogrey.cf.  Using
cron you can start sendmail at 7am with the sendmail.nogrey.cf then stop
sendmail at 7pm and restart it with the normal sendmail.cf (or visa versa).
This is the option I'd use because you then greylisting when you want it and
when you don't. Either way sendmail is still running.
 
Either way will do the job but "I" would definitely use the second.
 
Howard


manu@... wrote:
> John Goggan <jgoggan@...> wrote:
> 
> 
>>>Yes, that will work. You can even stop sendmail at night, that will
>>>produce the same result. 
>>
>>I'm confused what you mean by that.  How would stopping sendmail at night
>>produce the same result?
> 
> Run sendmail without milter-greylist during the day, no mail will be
> delayed. Shut down sendmail at night, and you'll refuse all the mail
> coming from spam engines that don't retry sending. 

Yes, but that is not at all "the same result" as running sendmail with the 
milter-greylist all night.

In fact, I'm not sure if you are making a joke with me and being sarcastic
or 
I'm just missing something.  Isn't your suggestion basically not using the 
greylist EVER?  You are suggesting sendmail during the day without the 
greylist and nothing at night.  So -- when would I be using the greylist at
all?

  - John...

Or no.3 Steve's option which I like the best.
 
Howard

  _____  

From: milter-greylist@yahoogroups.com
[mailto:milter-greylist@yahoogroups.com] On Behalf Of Steven Stern
Sent: Saturday, 28 May 2005 10:59 PM
To: milter-greylist@yahoogroups.com
Subject: Re: [milter-greylist] Time-based greylisting?


John Goggan wrote:

> In fact, I'm not sure if you are making a joke with me and being sarcastic
or 
> I'm just missing something.  Isn't your suggestion basically not using the

> greylist EVER?  You are suggesting sendmail during the day without the 
> greylist and nothing at night.  So -- when would I be using the greylist
at all?
> 

I think he's being sarcastic.  Create two greylist.conf files, one for 
normal greylisting and one with "acl whitelist default" at the very top. 
   Use a cron job to rotate them at the appropriate times of day.  The 
milter will detect the change and change its behavior.  It's cleaner 
than mucking with the sendmail configuration.

John Goggan <jgoggan@...> wrote:

> In fact, I'm not sure if you are making a joke with me and being sarcastic
> or I'm just missing something.  Isn't your suggestion basically not using
> the greylist EVER?  You are suggesting sendmail during the day without the
> greylist and nothing at night.  So -- when would I be using the greylist
> at all?

I'm not sarcastic, and it's just half a joke. If you stop sendmail, spam
sent by spam engines is lost, and mail from real SMTP server will get
queued and resent by the sender server.

So stopping sendmail at night will indeed reject a lot of spam. That's
not as efficient as greylisting because you accept spam when sendmail is
up. But if you don't need to receive mail at night and want to reject
nightly spam, stopping sendmail is really an option.

Of course, mail queued on sender servers while your sendmail is down may
be resent after some time, or it may be lost if the sender is
misconfigured, that's exactly the same problem you have with
greylisting.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Sun, May 29, 2005 at 12:04:45AM +0200, Emmanuel Dreyfus wrote:
> Of course, mail queued on sender servers while your sendmail is down may
> be resent after some time, ...

The default warn time of "sendmail" is 4 hours. If you shutdown your sendmail
during the night a lot of remote systems will generated warning e-mails
because they cannot deliver e-mail to your system.

And that won't happen with Greylisting and reasonable delay time.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/