OpenBSD Journal

Upcoming Synchronization for Spamd

Contributed by dwc on from the word-gets-around dept.

Bob Beck (beck@) recently committed some interesting changes with much help from reyk@: database synchronization for spamd & spamlogd.

The spamd(8) daemon will be able to receive updates for GREY, WHITE, and TRAPPED tuples, and will be able to send updates for all but WHITE (which turns out not to be needed, as WHITE status can be inferred from GREY). Spamlogd's WHITE updates can also be sent to other hosts, to keep your favorite correspondents happy. Of course, these updates are authenticated via HMAC.

This has apparently been working at U of A under load and works well!



Comments
  1. By jason (TheDudeAbides) jason@snakelegs.org on http://www.snakelegs.org

    And the hits just keep on a comin'. Great news!

    The only thing lacking now (for OpenBSD in general) is the new hier(8) default /phb directory, containing reports, obviously.

    Thanks much, beck and reyk.

    Comments
      1. By Marco Peereboom (67.64.89.177) on

        People should stop using that horrid editor called emacs. yeah that's you beck!

        Comments
        1. By Jason L. Wright (134.20.32.102) jason@openbsd.org on http://www.thought.net/jason

          > People should stop using that horrid editor called emacs. yeah that's you beck!

          Right, should be mg(1).

        2. By Vincent (206.248.136.28) on

          > People should stop using that horrid editor called emacs. yeah that's you beck!

          He should just learn to configure Emacs correctly:

          (setq-default indent-tabs-mode nil)

        3. By Han (213.84.147.9) on

          Nonsense. If you put this code in your .emacs emacs produces perfect KNF C.

          (defun KNF-c-style ()
          "OpenBSD KNF C-style."
          (interactive)
          (local-set-key "\C-c\C-c" 'compile)
          (c-set-style "bsd")
          (setq fill-column 80)
          (setq c-basic-offset 8)
          (c-set-offset 'arglist-cont '*)
          (c-set-offset 'arglist-cont-nonempty '*)
          (c-set-offset 'statement-cont '4) )
          (add-hook 'c-mode-common-hook 'KNF-c-style)

  2. By squeege (216.252.79.249) on

    Awesome... that is great news.

    Too bad there isn't a more comprehensive/up-to-date whitelist maintained for the well-known services that use round-robin mail server pools.

    I know of the whitelist at greylisting.org, it's a good start, but it's now 2 years old and somewhat incomplete.

    I know, I know... I should step-up instead of whine for stuff...

    Comments
    1. By jason (TheDudeAbides) on http://www.snakelegs.org

      Half of my problems are with Yahoo.

      From me, To their customer support:

      "C'mon, this is easy. Publish the IP addresses Yahoo uses to send SMTP email from. You retry greylisted email from different IP addresses, so your mail doesn't get through.

      See this post from Yahoo Groups, for instance:

      http://tech.groups.yahoo.com/group/ygmailadmin/message/3

      Or just publish them in SPF."

      Someone replied:

      "The information you are requesting is not disclosed due to security issues. We apologize for the inconvenience. Thank you again for contacting Yahoo! Customer Care."

    2. By sthen (85.158.44.149) on

      > I know of the whitelist at greylisting.org, it's a good start, but it's now 2 years old and somewhat incomplete.

      They don't list common-queue senders within the same /24 (deliberately).

    3. By jason (TheDudeAbides) on http://www.snakelegs.org

      Also, I'm getting more complaints about deliveries bouncing (customers with buggy servers).

      So, here's what I intend to do with some quick perl:

      1. Generate a weekly password (e.g., "iefup31950").
      2. Stick it in a db file, and
      3. Email it to helpdesk and mail admins.

      Then I'll either modify greyscanner or just use a separate script to:

      4. Scan the greylist "to:" fields for matches on ^password@, and
      5. Whitelist the /24 for the sender ip (most likely by adding to manual whitelist and reloading table, as opposed to using spamdb).

      If a customer has problems, I'll just have them send mail to the password@example.com address, automatically whitelist them, and never have to revisit it (in theory).
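An added example, not part of the comment above or of any OpenBSD tool: one way to sketch steps 1, 4 and 5 of that plan in Python rather than Perl. It assumes the weekly password is used as the local part of the recipient address, that greylist entries arrive as pipe-separated lines in the style printed by spamdb(8), and that matches are restricted to your own domain; the function names and the sample data are constructed for illustration.

```python
import ipaddress
import secrets
import string

# Constructed sample; assumed GREY layout (pipe-separated, spamdb(8) style):
# GREY|source ip|helo|from|to|first|pass|expire|block|pass
SAMPLE_SPAMDB = """\
WHITE|198.51.100.7|||1180000000|1180003600|1183000000|2|14
GREY|192.0.2.57|mail.example.net|<bob@example.net>|<iefup31950@example.com>|1180000000|1180001500|1180014400|1|0
GREY|192.0.2.99|mx2.example.net|<bob@example.net>|<iefup31950@EXAMPLE.com>|1180000100|1180001600|1180014500|1|0
GREY|203.0.113.8|bulk.invalid|<promo@bulk.invalid>|<sales@example.com>|1180000200|1180001700|1180014600|3|0
GREY|203.0.113.200|x.invalid|<a@x.invalid>|<iefup31950@other.example>|1180000300|1180001800|1180014700|1|0
GREY|not-an-ip|h.invalid|<a@h.invalid>|<iefup31950@example.com>|1180000400|1180001900|1180014800|1|0
"""

def weekly_password(length=10):
    """Step 1: random local part drawn from a CSPRNG, lowercase letters and digits."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def networks_to_whitelist(spamdb_text, password, domain):
    """Steps 4-5: /24s of senders whose greylisted mail went to password@domain."""
    found = set()
    for line in spamdb_text.splitlines():
        fields = line.split("|")
        if len(fields) != 10 or fields[0] != "GREY":
            continue
        local, _, rcpt_domain = fields[4].strip("<>").rpartition("@")
        # Exact local part, our own domain only: "^password@" alone would
        # also accept mail addressed to the password at somebody else's domain.
        if local != password or rcpt_domain.lower() != domain.lower():
            continue
        try:
            addr = ipaddress.IPv4Address(fields[1])
        except ipaddress.AddressValueError:
            continue  # never copy an unparsed field into a table file
        found.add(ipaddress.ip_network(f"{addr}/24", strict=False))
    return sorted(found)

def whitelist_lines(networks, note):
    """Render entries in the 'network # comment' form used for manual whitelists."""
    return [f"{net} # {note}" for net in networks]

if __name__ == "__main__":
    nets = networks_to_whitelist(SAMPLE_SPAMDB, "iefup31950", "example.com")
    print("\n".join(whitelist_lines(nets, "self-service whitelist")))
```

Two senders in the same /24 collapse into a single entry, and the malformed source address is skipped rather than written out.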

    4. By Bob Beck (129.128.11.43) beck@openbsd.org on http://www.humpingforjesus.com/

      > Too bad there isn't a more comprehensive/up-to-date whitelist maintained for the well-known services that use round-robin mail server pools.
      >
      > I know of the whitelist at greylisting.org, it's a good start, but it's now 2 years old and somewhat incomplete.
      >
      > I know, I know... I should step-up instead of whine for stuff...


      Here's what I use, with stuff added to the greylisting.org one.

      Having said that, yes, we should have one centrally maintained.
      Perhaps I'll think about cleaning this up and adding it with
      an example to an appropriate place in /etc/mail.

      -Bob


      # the campus.
      129.128.0.0/16
      142.244.0.0/16

      216.239.32.0/19 # gmail servers
      66.249.64.0/19 # gmail servers
      64.233.160.0/19 # gmail servers
      209.85.128.0/17 # gmail servers
      72.14.192.0/18 # gmail
      # whitelisting entries from puremagic.org - public list of big mailer pools
      12.5.136.141 # Southwest Airlines (unique sender, no retry)
      12.5.136.142 # Southwest Airlines (unique sender, no retry)
      12.5.136.143 # Southwest Airlines (unique sender, no retry)
      12.5.136.144 # Southwest Airlines (unique sender, no retry)
      12.107.209.244 # kernel.org mailing lists (high traffic, unique sender per mail)
      12.107.209.250 # sourceware.org mailing lists (high traffic, unique sender per mail)
      63.82.37.110 # SLmail
      63.169.44.143 # Southwest Airlines (unique sender, no retry)
      63.169.44.144 # Southwest Airlines (unique sender, no retry)
      64.7.153.18 # sentex.ca (common pool)
      64.12.137.0/24 # AOL (common pool) - http://postmaster.aol.com/servers/imo.html
      64.12.138.0/24 # AOL (common pool)
      64.124.204.39 # moveon.org (unique sender per attempt)
      64.125.132.254 # collab.net (unique sender per attempt)
      #64.233.170 # gmail (common server pool)
      #65.82.241.160 # Groupwise?
      66.100.210.82 # Groupwise?
      66.135.209.0/24 # Ebay (for time critical alerts)
      66.135.197.0/24 # Ebay (common pool)
      66.162.216.166 # Groupwise?
      66.206.22.82 # PLEXOR
      66.206.22.83 # PLEXOR
      66.206.22.84 # PLEXOR
      66.206.22.85 # PLEXOR
      66.94.237.0/24 # Yahoo Groups servers (common pool, no retry)
      66.218.66.0/24 # Yahoo Groups servers (common pool, no retry)
      66.218.67.0/24 # Yahoo Groups servers (common pool, no retry)
      66.218.69.0/24 # Yahoo Groups servers (common pool, no retry)
      209.73.160.0/24 # Yahoo
      209.73.164.0/24 # Yahoo
      69.147.64.0/24 # Yahoo
      69.147.65.0/24 # Yahoo
      66.27.51.218 # ljbtc.com (Groupwise)
      #66.89.73.101 # Groupwise?
      #68.15.115.88 # Groupwise?
      152.163.225.0/24 # AOL (common pool)
      194.245.101.88 # Joker.com (email forwarding server)
      195.235.39.19 # Tid InfoMail Exchanger v2.20
      195.238.2.0/24 # skynet.be (weird retry pattern, common pool)
      195.238.3.0/24 # skynet.be (weird retry pattern, common pool)
      #204.60.8.162 # Groupwise?
      204.107.120.10 # Ameritrade (no retry)
      205.188.139.136 # AOL (common pool)
      205.188.139.137 # AOL (common pool)
      205.188.144.207 # AOL (common pool)
      205.188.144.208 # AOL (common pool)
      205.188.156.66 # AOL (common pool)
      205.188.157.0/24 # AOL (common pool)
      205.188.159.7 # AOL (common pool)
      205.206.231.0/24 # SecurityFocus.com (unique sender per attempt)
      205.211.164.50 # sentex.ca (common pool)
      207.115.63.0/24 # Prodigy (broken software that retries continually with no delay)
      207.171.168.0/24 # Amazon.com (common pool)
      207.171.180.0/24 # Amazon.com (common pool)
      207.171.187.0/24 # Amazon.com (common pool)
      207.171.188.0/24 # Amazon.com (common pool)
      207.171.190.0/24 # Amazon.com (common pool)
      211.29.132.0/24 # optusnet.com.au (weird retry pattern and more than 48hrs)
      213.136.52.31 # Mysql.com (unique sender)
      217.158.50.178 # AXKit mailing list (unique sender per attempt)
