198354 Re: [long] Re: Greylisting and Postfix

  • Alex Satrapa
    Jun 1, 2006
      On 1 Jun 2006, at 17:19, Alex Satrapa wrote:

      > When I raise the greylist delay to half an hour (enough time for
      > the ISP to start getting complaints of spam originating from their
      > clients, and shut the client out), I start receiving complaints
      > from people whose mail servers send them messages saying, "I
      > couldn't deliver this message after half an hour, I'm still trying
      > though."

      And here's why greylisting doesn't work:

      > Received: from optkmv.ru (opttorg.cust.kmv.ru [])
      > (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
      > client certificate requested) by smtp.apf.edu.au (Postfix) with
      > ESMTP id 88F6D8A80A3 for <alex.satrapa@...>; Thu, 1 Jun
      > 2006 19:54:31 +1000 (EST)
      > Received: from optkmv.ru (localhost [] (may be forged))
      > by optkmv.ru (8.13.5/8.13.5) with ESMTP id k517X9rF003136 for
      > <alex.satrapa@...>; Thu, 1 Jun 2006 11:33:09 +0400
      > Received: (from diana@localhost) by optkmv.ru (8.13.5/8.13.5/
      > Submit) id k517X7sY003130; Thu, 1 Jun 2006 11:33:07 +0400
      > X-Sieve: CMU Sieve 2.2
      > X-Greylist: delayed 8422 seconds by postgrey-1.21 at franklin;
      > Thu, 01 Jun 2006 19:54:32 EST
      > Message-Id: <200606010733.k517X7sY003130@...>
      > Content-Type: text/html

      This was from a phishing attempt (trying to get me to enter my PayPal
      account details into their website).

      Note that they reconnected after a couple of hours, and used TLS
      encryption. Their hostname is valid, and doing a resolution on the
      name derived from a reverse lookup on the IP address results in the
      IP address.

      Is there anything else here that could have indicated to my mail
      server that this was not legitimate mail?
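
Added example, not part of the original post: a reconstruction of the delivery timeline from the headers quoted above, showing that the sending host queued the message and retried like any ordinary MTA, so the greylist delay alone could not set it apart. It assumes the Postfix `Received` timestamp marks the same moment as the `X-Greylist` stamp, whose bare "EST" zone is ambiguous; the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the quoted message; elided values are left as on the page.
HEADERS = """\
Received: from optkmv.ru (opttorg.cust.kmv.ru [])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by smtp.apf.edu.au (Postfix) with ESMTP id 88F6D8A80A3
 for <alex.satrapa@...>; Thu, 1 Jun 2006 19:54:31 +1000 (EST)
Received: from optkmv.ru (localhost [] (may be forged))
 by optkmv.ru (8.13.5/8.13.5) with ESMTP id k517X9rF003136
 for <alex.satrapa@...>; Thu, 1 Jun 2006 11:33:09 +0400
Received: (from diana@localhost) by optkmv.ru (8.13.5/8.13.5/Submit)
 id k517X7sY003130; Thu, 1 Jun 2006 11:33:07 +0400
X-Greylist: delayed 8422 seconds by postgrey-1.21 at franklin;
 Thu, 01 Jun 2006 19:54:32 EST

"""

def hop_times(msg):
    """Timestamps of the Received hops, oldest hop first."""
    stamps = []
    for value in msg.get_all("Received", []):
        # The timestamp is whatever follows the last ';' of the header.
        stamps.append(parsedate_to_datetime(value.rsplit(";", 1)[1]))
    return stamps[::-1]  # each hop prepends its header, so reverse

def greylist_timeline(raw_headers):
    """Compare the greylist delay with the total sender-to-MX transit time."""
    msg = message_from_string(raw_headers)
    hops = hop_times(msg)
    match = re.search(r"delayed (\d+) seconds", msg.get("X-Greylist", ""))
    delay = int(match.group(1)) if match else 0
    # Assumption: the last hop (our MX) is the post-greylist acceptance time.
    queued, accepted = hops[-2], hops[-1]
    transit = int((accepted - queued).total_seconds())
    return {
        "greylist_delay": delay,
        "transit": transit,
        # Gap between queueing at the sender and its first, deferred attempt.
        "first_attempt_lag": transit - delay,
    }

if __name__ == "__main__":
    print(greylist_timeline(HEADERS))
```

The first attempt came about a minute after the message was queued on the sending host, and the retry that was accepted came 8422 seconds later.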