If you expect to get mail from hosts with changing IP addresses, this greylist may not be for you, as is true of every IP-based greylist.
If you expect to get mail from providers with a large number of outgoing mail servers, it may take a while until your greylist has learned about all of them.
Here are some statistics (not updated any more because I'm now using a Perl-based solution (grey)).
It's up to you where your greylist rule gets applied. The HELO test may be a good choice. But if you have trusted (authenticated) hosts, you might want to give them a chance to authenticate first. For this reason I use this rule in the MAIL test:

    acl_check_mail:
      accept  authenticated = *
      defer   condition     = ${run{/etc/exim/bin/unseen $sender_host_address 600}}
              log_message   = grey listed ($sender_host_address)
      ...

It's quite simple, straightforward and hopefully without any pitfalls.
W. B. Hacker sent me some hints, so please read this note:
Beware, it's only tested under Debian GNU/Linux. Please test the script first, esp. check if the
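
    #! /bin/bash
    # © 2006 Heiko Schlittermann
    # You may use this script at your own risk. It is published here under
    # the terms of the GNU Copyright.

    # Example:
    #   defer condition   = ${run{.../unseen $sender_host_address 300}{$value}}
    #         log_message = gray unseen ($sender_host_address)

    # Prints "yes" if the address is unseen or was first seen less than
    # DELAY seconds ago (the ACL defers), "no" otherwise.

    # When run from a terminal, finish the output with a newline.
    test -t 0 && trap "echo" EXIT

    NAME="$1"; shift
    DELAY="${1:-600}"; shift
    BASE="${1:-/var/run/exim/grey.d}"; shift

    # One directory level per octet: 192.0.2.17 -> $BASE/192/0/2/17
    NAME=${NAME//.//}
    DIR="$BASE/${NAME%/*}"
    FILE="$DIR/${NAME##*/}"

    test -d "$DIR" || mkdir -p "$DIR"

    # First contact: create the (empty) file and defer.
    test -f "$FILE" || {
        > "$FILE"
        echo -n yes
        exit 0
    }

    # AGE = (current time) - (time of last modification of "$FILE")
    # please check your system's 'stat' command!
    AGE=$(($(date +%s) - $(stat -c '%Y' "$FILE")))

    # Retry came before the delay has passed: defer again.
    test "$AGE" -lt "$DELAY" && {
        echo -n yes
        exit 0
    }

    # Read the file (an access that the atime-based cleanup can see) and accept.
    read <"$FILE"
    echo -n no
    exit 0
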
    find $BASEDIR -type f -atime +7 | xargs --no-run-if-empty rm
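
The script's decision logic and the many-outgoing-servers caveat from the top of the page, as an added example that is not the author's code: it replays a constructed retry sequence with an injectable clock, first keyed per host as in the script, then keyed per /24 network, which goes beyond what the page describes. The names `grey_decide`, `grey_demo`, `GREY_NOW` and the `net` mode are assumptions of this sketch, and the first-contact time is stored in the file rather than taken from its mtime.

```bash
#!/bin/sh
# Added example, not the author's script. Assumed names: grey_decide,
# grey_demo, GREY_NOW and the "net" mode. The first-contact time is stored
# in the file (the original uses its mtime) so the clock can be injected.

# grey_decide ADDR DELAY BASE [host|net] -> prints "yes" (defer) or "no"
grey_decide() (
    addr=$1 delay=$2 base=$3 mode=${4:-host}
    now=${GREY_NOW:-$(date +%s)}
    # Only a dotted-quad IPv4 address may become a path below $base;
    # anything else is deferred and never stored.
    if ! printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        printf yes
        exit 0
    fi
    key=$addr
    [ "$mode" = net ] && key=${addr%.*}.0        # 192.0.2.17 -> 192.0.2.0
    file=$base/$(printf '%s' "$key" | tr . /)    # one directory per octet
    if [ ! -f "$file" ]; then                    # first contact: record, defer
        mkdir -p "${file%/*}"
        printf '%s\n' "$now" > "$file"
        printf yes
    else
        read -r first < "$file"
        if [ $((now - first)) -lt "$delay" ]; then
            printf yes                           # retry came too early
        else
            printf no                            # waited long enough: accept
        fi
    fi
)

# Constructed sequence (documentation range 192.0.2.0/24, delay 600 s):
# a sender retries too early, then a second server of the same provider
# and the original server both try after the delay has passed.
grey_demo() (
    mode=$1
    base=$(mktemp -d) || exit 1
    GREY_NOW=1000; a=$(grey_decide 192.0.2.17 600 "$base" "$mode")
    GREY_NOW=1300; b=$(grey_decide 192.0.2.17 600 "$base" "$mode")
    GREY_NOW=1700; c=$(grey_decide 192.0.2.18 600 "$base" "$mode")
    GREY_NOW=1700; d=$(grey_decide 192.0.2.17 600 "$base" "$mode")
    rm -rf "$base"
    printf '%s %s %s %s' "$a" "$b" "$c" "$d"
)

printf 'per host: %s\n' "$(grey_demo host)"
printf 'per /24:  %s\n' "$(grey_demo net)"
```

The third result is where the two keys differ: keyed per host, the provider's second server starts its own waiting period; keyed per /24, it inherits the one already served by the first.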