[long] Re: Greylisting and Postfix

From: Alex Satrapa (alex.satrapaapf.edu.au)
Date: Thu Jun 01 2006 - 02:19:21 CDT


On 1 Jun 2006, at 16:13, Michael J Wise wrote:

> On May 31, 2006, at 5:39 PM, Alex Satrapa wrote:
>
>> (90% of the spam I get comes from Microsoft Outlook, which is a
>> "proper" mail sender).
>
> You've been misled.
> It may LOOK like it came from Outlook, but it didn't.
> It came from a piece of software trying desperately to look like it
> is Outlook.

Walks like a duck, quacks like a duck, therefore it is a duck.

Compare these two sets of headers:

> Received: from sjq ([203.160.26.197]) by localhost (8.13.4/8.13.4)
> with SMTP id k4V8wIth066131; Wed, 31 May 2006 01:58:18 -0700
> X-Greylist: delayed 302 seconds by postgrey-1.21 at franklin; Tue,
> 30 May 2006 18:56:51 EST
> Message-Id: <001701c6848f$fc5a8c18$c51aa0cbsjq>
> Mime-Version: 1.0
> Content-Type: multipart/related; type="multipart/alternative";
> boundary="----=_NextPart_000_0013_01C684CA.A8B963B8"
> X-Priority: 3
> X-Msmail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
> X-Mimeole: Produced By Microsoft MimeOLE V6.00.2800.1106

versus

> Received: from DNA05 (unknown [192.168.2.205]) by smtp.apf.edu.au
> (Postfix) with ESMTP id AEBBC8A80A3 for <alexapf>; Tue, 9 May
> 2006 16:52:32 +1000 (EST)
> Message-Id: <003701c67334$e5774390$cd02a8c0DNA05>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> X-Mailer: Microsoft Office Outlook 11
> X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.2869

How do I distinguish the spam from the ham? The spam is the first
one, the ham is the second. The machine sending the spam tried again
5 minutes later. From the perspective of the MTA, the spam was sent
by something claiming to be "Microsoft Outlook Express" and behaving
very much like "Microsoft Outlook Express" would be expected to
behave - does it really matter what software was actually responsible
for sending the message? That is only a philosophical discussion at
best.

But back to the original topic - as you can see, the spam still gets
through with greylisting, because the software sending the spam is
intelligent enough to respond appropriately to my server faking a
temporary failure.

When I raise the greylist delay to half an hour (enough time for the
ISP to start getting complaints of spam originating from their
clients, and shut the client out), I start receiving complaints from
people whose mail servers send them messages saying, "I couldn't
deliver this message after half an hour, I'm still trying though."

Alex
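The behaviour Alex describes above (a spam sender that simply retries after the temporary failure, and a longer delay that pushes legitimate senders past their "still trying" warning threshold) can be reproduced with a small model of a greylisting policy. The following is an added example, not code from the original post and not postgrey's own implementation; it imitates postgrey's triplet logic (client IP, envelope sender, envelope recipient, temporary rejection until the configured delay has elapsed). The retry schedules, the client addresses and the use of Postfix's `delay_warning_time` as the threshold at which a sending MTA warns the user are assumptions made for the illustration.

```python
"""Greylisting decision logic modelled on postgrey (added example, not
postgrey's own code).

A triplet (client IP, envelope sender, envelope recipient) is temporarily
rejected the first time it is seen.  When the client retries after the
configured delay the triplet is accepted and remembered, so later mail for
that triplet passes immediately.  A sender that retries is therefore let
through regardless of whether it is a real MTA or a bot that knows how to
handle a 4xx reply.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Triplet = Tuple[str, str, str]


@dataclass
class Greylist:
    delay: int                                   # seconds a new triplet must wait
    first_seen: Dict[Triplet, float] = field(default_factory=dict)
    passed: Set[Triplet] = field(default_factory=set)

    def check(self, now: float, client_ip: str, sender: str, rcpt: str) -> str:
        """Policy action for one delivery attempt at time `now` (seconds).

        "DEFER" - temporary rejection (postgrey answers "450 4.2.0 Greylisted")
        "DUNNO" - triplet is known good; later restrictions decide
        """
        key = (client_ip, sender, rcpt)
        if key in self.passed:
            return "DUNNO"
        seen = self.first_seen.get(key)
        if seen is None:
            self.first_seen[key] = now           # first contact: start the clock
            return "DEFER"
        if now - seen < self.delay:
            return "DEFER"                       # retried too early
        self.passed.add(key)                     # waited long enough: remember it
        return "DUNNO"


def first_accepted(delay: int, attempts: List[float],
                   client_ip: str = "203.0.113.7",          # assumed test address
                   sender: str = "sender@example.net",      # assumed envelope sender
                   rcpt: str = "user@example.org") -> Optional[float]:
    """Time of the first attempt that the greylist accepts, or None if the
    client gives up before the delay has elapsed."""
    gl = Greylist(delay=delay)
    for t in attempts:
        if gl.check(t, client_ip, sender, rcpt) == "DUNNO":
            return t
    return None


def delay_warning_sent(accepted_at: Optional[float], delay_warning_time: int) -> bool:
    """Assumption for the model: the sending MTA tells its user "I couldn't
    deliver this yet, still trying" once the message has sat in its queue
    longer than delay_warning_time (the Postfix parameter of that name)."""
    return accepted_at is None or accepted_at > delay_warning_time


# Constructed retry schedules (seconds after the first attempt).
SPAMBOT = [0, 302]                       # one retry, like the "delayed 302 seconds" case
LEGIT_MTA = [0, 300, 600, 1200, 2400]    # assumed backoff of a well-behaved MTA


if __name__ == "__main__":
    for delay in (300, 1800):
        print(f"greylist delay {delay}s:")
        print("  spambot accepted at", first_accepted(delay, SPAMBOT))
        t = first_accepted(delay, LEGIT_MTA)
        print("  legit MTA accepted at", t,
              "| delay warning to sender:", delay_warning_sent(t, 1800))
```

With a 300 second delay the retrying bot is accepted on its second attempt at 302 seconds, exactly the situation in the quoted `X-Greylist` header. Raising the delay to 1800 seconds stops that particular bot, but the legitimate MTA in the model is not accepted until its 2400 second attempt, which is past the assumed 1800 second warning threshold, so its user receives the "still trying" notice the post complains about. The trade-off is inherent: greylisting only filters senders that do not retry, and the delay it imposes is paid by everyone who does.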