Question on spamd

[bceverly]

Hi all,

I'm doing some further refinement on my mail server and I wanted to run spamd. What I'm seeing is that it will initially greylist a server and wait for it to retry. After some time (configurable by the flags in my rc.conf.local file) it will whitelist the server and let mail through. At least that's what the doc says.

What I'm seeing is more complex. When I send mail to the server from gmail, it hits the server from IP address A, gets asked to retry and happily does... from IP address B. I'm trying to figure out how the large mail services (gmail, office365, etc) can work with greylisting and spamd. Do you just have to block mail for a very long time with nothing getting through until you end up "collecting" the cannonical list of all mail server IP addresses from that service?

That doesn't make a whole lot of sense so clearly I'm suffering from n00b-itis again and could use some nudging from my betters here.

Thanks and sorry to be inflicting my learning experience on everyone but I really do want to get this stuff right in my head so I can stop asking questions and start answering them.

[TronDD]

Quote:

Originally Posted by bceverly

Hi all,

I'm doing some further refinement on my mail server and I wanted to run spamd. What I'm seeing is that it will initially greylist a server and wait for it to retry. After some time (configurable by the flags in my rc.conf.local file) it will whitelist the server and let mail through. At least that's what the doc says.

Yeah, spamd waits for a configurable period of time for the server (identified by IP) to retry. If it's within the time limit, it is whitelisted.

Quote:

Do you just have to block mail for a very long time with nothing getting through until you end up "collecting" the cannonical list of all mail server IP addresses from that service?

I didn't change the wait time, but for gmail, I just sent myself a few emails from my gmail address and manually started building a nospamd table. Yahoo is another problem mail service. I'm sure there are more. There was a recent thread on misc@ about it. It mostly turned into a joke about how many IP addresses Google owns.

http://marc.info/?l=openbsd-misc&m=142478407909186&w=2

Read the thread for actual valuable info.

Tim.

[22decembre]

There exists a "cannonical" list of mail servers : it's called spf, which are basically dns records telling which server is legitimate to send mail from the domain concerned.

The fact is that Google has spf records the size of a continent ! The same for Yahoo, Microsoft and a few others. When you look at them, they tell you all mail from some /16 sector is fine !