Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Greylist based on DCC

2011-01-19 by Delahunty, Mark

Hi

I use sendmail, milter-greylist and mimedefang+spamassassin.

I'm getting lots of distributed dictionary attacks. I've read that
greylisting based on DCC will help. Is there any way to do this in
milter-greylist?

One idea I have is to add the triple from the DCC-positive message to
MG's database like this:
# echo "add addr $RelayIP from $Sender rcpt $Recip date $(date +%s)"  |
nc -s $myIP -w5 localhost 5252
(I could do this in mimedefang by checking the header that MG adds to
the message.)

But I think I should really greylist the relay itself. Is there a way to
greylist a relay (ignoring the sender and recipient)?

Is there any way to tell MG to greylist the relay and defer? 

TIA

Mark

Re: [milter-greylist] Greylist based on DCC

2011-01-20 by manu@netbsd.org

Delahunty, Mark <MDelahunty@...> wrote:

> But I think I should really greylist the relay itself. Is there a way to
> greylist a relay (ignoring the sender and recipient)?
> Is there any way to tell MG to greylist the relay and defer? 

Retaining only the host in the tuple is doomed to fail, as the spammer
does not have to maintain a queue anymore in order to resend with the
same (IP, from, rcpt). 

But your problem can probably be solved by using different greylisting
delays depending on DCC status: bad DCC, greylist for 4h, good DCC,
greylist for 15 mn (or do not greylist at all, that is your choice).

I am totally DCC ignorant: how does it work? Do you have some API or
accessible storage that milter-greylist could query to get DCC status?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
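
The two points in the reply above (a host-only key lets a sender that keeps no queue through, and the greylisting delay can depend on DCC status) as an added sketch; it is not milter-greylist code and not from the thread. The class, the function names, the addresses and the timings are constructed for illustration; only the 4h and 15 mn delays come from the message.

```python
# Added illustration; names, addresses and sample traffic are constructed.
DELAY_BAD_DCC = 4 * 3600    # "bad DCC, greylist for 4h"
DELAY_GOOD_DCC = 15 * 60    # "good DCC, greylist for 15 mn"


class Greylist:
    """Minimal greylist keyed on the relay alone or on (IP, from, rcpt)."""

    def __init__(self, host_only=False):
        self.host_only = host_only
        self.first_seen = {}  # key -> (time of first attempt, required delay)

    def check(self, now, ip, sender, rcpt, dcc_bad):
        """Return 'accept' or 'tempfail' for one delivery attempt."""
        key = ip if self.host_only else (ip, sender, rcpt)
        if key not in self.first_seen:
            # First sighting: pick the delay from the DCC verdict, then defer.
            delay = DELAY_BAD_DCC if dcc_bad else DELAY_GOOD_DCC
            self.first_seen[key] = (now, delay)
            return "tempfail"
        first, delay = self.first_seen[key]
        return "accept" if now - first >= delay else "tempfail"


def run(greylist, attempts):
    """Feed (now, ip, sender, rcpt, dcc_bad) attempts through a greylist."""
    return [greylist.check(*a) for a in attempts]


# Constructed traffic: a relay that never retries. Each attempt is a new
# (sender, rcpt) pair, 5 hours apart, all flagged as bulk by DCC.
NO_QUEUE = [(h * 5 * 3600, "192.0.2.10", f"s{h}@example.net",
             f"user{h}@example.org", True) for h in range(3)]

# Constructed traffic: an MTA retrying one queued message at 30 min and 5 h,
# also flagged as bulk by DCC.
QUEUED = [(t, "198.51.100.7", "list@example.com", "bob@example.org", True)
          for t in (0, 1800, 5 * 3600)]

if __name__ == "__main__":
    print("host-only, no queue:", run(Greylist(host_only=True), NO_QUEUE))
    print("triple,    no queue:", run(Greylist(), NO_QUEUE))
    print("triple,    queued:  ", run(Greylist(), QUEUED))
```

With the host-only key the second and third unrelated messages are accepted once the relay's delay has elapsed; with the full triple they are all deferred, while the queued retry still gets through after 4h.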

Re: [milter-greylist] Greylist based on DCC

2011-01-21 by Petar Bogdanovic

------- Original message -------
> From: Delahunty, Mark <MDelahunty@...>
>
> I use sendmail, milter-greylist and mimedefang+spamassassin.
>
> I'm getting lots of distributed dictionary attacks. I've read that
> greylisting based on DCC will help. Is there any way to do this in
> milter-greylist?

Spamassassin supports DCC (DCC.pm), milter-greylist supports
spamassassin (see spamd acl).  There is no direct DCC-support
in milter-greylist yet.

Re: [milter-greylist] Greylist based on DCC

2011-01-21 by Petar Bogdanovic

------- Original message -------
> From:  <manu@...>
> I am totally DCC ignorant: how does it work? Do you have some API or
> accessible storage that milter-greylist could query to get DCC status?

Like with spamd, there is a socket (dccifd afair) through which
one can speak a pretty simple ascii protocol.

Re: [milter-greylist] Greylist based on DCC

2011-01-21 by manu@netbsd.org

Petar Bogdanovic <petar@...> wrote:

> Like with spamd, there is a socket (dccifd afair) through which
> one can speak a pretty simple ascii protocol. 

Is there a library implementing the protocol? A documentation about it?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] Greylist based on DCC

2011-01-21 by Petar Bogdanovic

------- Original message -------
> From:  <manu@...>
> To: milter-greylist@yahoogroups.com
> Sent: 21.1.'11,  14:01
>
> Petar Bogdanovic <petar@...> wrote:
>
>> Like with spamd, there is a socket (dccifd afair) through which
>> one can speak a pretty simple ascii protocol.
>
> Is there a library implementing the protocol? A documentation about it?

dccifd(8) -> "Protocol":
http://rhyolite.com/dcc/dcc-tree/dccifd.html
