So as some of you know, I've been playing with Greylisting recently.
Greylisting is the practice of telling a server that tries to deliver mail with a certain "tuple" (say, sender's-server-ip,
sender's-email-address, recipient-email-address): "Okay, let's see if you follow the standards, and retry this address for
an hour." Programs that spammers use to send mail, such as Dark Mailer, just fire fast and continuously, and do not
If the same tuple comes up an hour later, it's let through.
However, this gets annoying for most people because it makes email that much less instant.
There are two solutions here:
The first is that upon a successful delivery (i.e. a retry-after-an-hour with a matching tuple), the server can then WHITELIST
you (i.e. not force you to delay again -- as long as a message is between that recipient, that sender, and from that mail
The second is that the program I'm using, milter-greylist, lets you
ALSO make use of DNS blacklists, so that the default policy is "let mail through, unless they're on this list, then make
them wait an hour".
So, recently, I started using one of the most obnoxious blacklists I could find (APEWS,
formerly the SPEWS blacklist), on my inbound mail port, 25.
SPEWS (Site Archive HERE) has had a reputation
for being obnoxious and hard to get off of, and for listing entire carriers if even a small segment were
spammish. APEWS follows suit. Normally, only an insane person would use it to blacklist people.
Fortunately, one of the cool things about Greylisting is that it can turn what would normally be a high-collateral-damage
blacklist into something perfectly serviceable (so odd to hear a ferret say serviceable...). Mail's not actually rejected,
just told "come back later". (Of course, there ARE some blacklists that I actually use as BLACKLISTS -- but those are the
more carefully maintained ones.)
My normal "MSA" on port 587 did not have the restriction (since the MSA requires that you auth), so even if
spammers know I'm listening on port 587 they can't send anything to it.
Here's what I've discovered:
1) There are still a few ISPs out there who are not blocking port 25, outbound (they SHOULD!).
2) Those users that were ON those ISPs are also listed in APEWS (probably BECAUSE those ISPs don't block things).
3) My auth-detector wasn't working properly (the port 25 users were authing, but the greylist wasn't recognizing it) and was
thus giving the message meant for mail servers to a few of you.
Of course, I've fixed it.
Maybe at some point I'll make a flowchart for all this stuff, and how my mail works.
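
The policy described above, as a small model in Python. This is an added example, not milter-greylist code or configuration from this post: the `Greylist` class, its field names, the whitelist lifetime and the sample addresses are assumptions made for illustration, and the DNSBL is a plain set standing in for a real lookup.

```python
from dataclasses import dataclass, field

DELAY = 3600            # "come back in an hour", as in the post
AUTOWHITE = 3 * 86400   # assumption: how long a tuple that passed stays whitelisted


@dataclass
class Greylist:
    dnsbl: set                                   # stand-in for a DNSBL lookup (constructed IPs)
    pending: dict = field(default_factory=dict)  # tuple -> time of first attempt
    white: dict = field(default_factory=dict)    # tuple -> whitelist expiry time

    def check(self, ip, sender, rcpt, now, authenticated=False):
        """Return 'accept' or 'tempfail' for one recipient at time `now` (seconds)."""
        # Authenticated users are customers, not remote mail servers. They must
        # skip the greylist on any port; failing to detect this is the bug in 3).
        if authenticated:
            return "accept"
        # Default policy: let mail through unless the client IP is listed.
        if ip not in self.dnsbl:
            return "accept"
        key = (ip, sender, rcpt)
        # This tuple already proved itself: no second delay until the entry expires.
        if self.white.get(key, 0) > now:
            return "accept"
        first = self.pending.setdefault(key, now)
        if now - first >= DELAY:
            # A real mail server queued the message and retried after the delay.
            del self.pending[key]
            self.white[key] = now + AUTOWHITE
            return "accept"
        # First attempt, or a retry that came too early: temporary failure.
        return "tempfail"


if __name__ == "__main__":
    g = Greylist(dnsbl={"203.0.113.7"})          # constructed listed address
    msg = ("203.0.113.7", "a@x.example", "me@y.example")
    for t in (0, 60, 3600, 3700):
        print(t, g.check(*msg, now=t))
```
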