
greylisting and the mailer pool problem


In his Greylisting whitepaper, Evan Harris touches on a problem that I
have run across while running OpenBSD's spamd in greylisting mode.
Namely, if an organisation is using a pool of mail servers to send
legitimate mail, the mail might take a very long time to arrive!

He proposes a solution: record the subnet of the sending mailer
instead of its IP.

I have patched OpenBSD's spamd to do just that.  See attached.  I have
done some minimal testing - it seems to work.  I haven't done any
analysis to see what impact it has, and I don't plan on doing any,
other than anecdotes (i.e., hopefully my users won't complain about some
mail taking forever to get here).

Comments welcome.


PS, should I post this to tech@ and/or file a bug report, too?
? libexec/spamd/spamd.cat8
Index: libexec/spamd/grey.c
RCS file: /cvs/src/libexec/spamd/grey.c,v
retrieving revision 1.17
diff -r1.17 grey.c
> extern int gmask;
< 			fprintf(pf, "%s/32\n", addrs[i]);
> 			fprintf(pf, "%s/%d\n", addrs[i], gmask);
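
Review bot: The pf entry written by `fprintf(pf, "%s/%d\n", addrs[i], gmask)` now whitelists the whole /gmask network as soon as one tuple from it passes, and nothing in the visible changes sets a lower bound on the prefix length. Consider enforcing a minimum prefix where the option is parsed, so a short mask cannot whitelist a very large address range on the strength of a single retry.
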
>         char            a[128];
>         in_addr_t       addr, mask;
>         u_char          *p;
>         /* apply gmask to ip */
>         if (gmask < 32) {
>                 mask = 0xffffffff << (32 - gmask);
>                 addr = ntohl(inet_addr(ip)) & mask;
>                 addr = htonl(addr);
>                 p = (u_char *) &addr;
>                 sprintf(a, "%u.%u.%u.%u", p[0], p[1], p[2], p[3]);
>                 if (debug)
>                         fprintf(stderr,
>                                 "Grey IP %s masked to %s\n",
>                                 ip, a);
>         } else {
>                 strcpy(a, ip);
>         }
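
Review bot: In the masking block, `0xffffffff << (32 - gmask)` is undefined when gmask is 0 (a shift by the full width of the type) or negative, and this file does not check the range before shifting. Special-case a prefix of 0 or validate 0..32 before use. The return value of `inet_addr(ip)` is also used without a check for INADDR_NONE, and the `sprintf` and `strcpy` into `a[128]` would be better as `snprintf` and `strlcpy` bounded by `sizeof(a)`, since the length of `ip` is not checked here.
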
< 	if (asprintf(&key, "%s\n%s\n%s", ip, from, to) == -1)
> 	if (asprintf(&key, "%s\n%s\n%s", a, from, to) == -1)
Index: libexec/spamd/spamd.8
RCS file: /cvs/src/libexec/spamd/spamd.8,v
retrieving revision 1.49
diff -r1.49 spamd.8
< .Op Fl G Ar passtime:greyexp:whiteexp
> .Op Fl G Ar passtime:greyexp:whiteexp:netmask
< .It Fl G Ar passtime:greyexp:whiteexp
< Adjust the three time parameters for greylisting; see
> .It Fl G Ar passtime:greyexp:whiteexp:netmask
> Adjust the three time parameters and subnet mask for greylisting; see
< by connecting IP address, envelope-from, and envelope-to, or "tuple" for
> by connecting IP address masked by
> .Em netmask
> (by default 32), envelope-from, and envelope-to, or "tuple" for
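
Review bot: The new text for netmask in the -G entry gives only the default (32). It should also say that the value is an IPv4 prefix length, give the accepted range, and state whether the fourth field may be omitted, since the synopsis now shows it as required.
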
Index: libexec/spamd/spamd.c
RCS file: /cvs/src/libexec/spamd/spamd.c,v
retrieving revision 1.71
diff -r1.71 spamd.c
> int gmask = 32;
< 	    "             [-G mins:hours:hours] [-n name] [-p port]\n");
> 	    "             [-G mins:hours:hours:netmask] [-n name] [-p port]\n");
< 			if (sscanf(optarg, "%d:%d:%d", &passtime, &greyexp,
< 			    &whiteexp) != 3)
> 			if (sscanf(optarg, "%d:%d:%d:%d", &passtime, &greyexp,
> 			    &whiteexp, &gmask) != 4)
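
Review bot: The `sscanf(...) != 4` test means the existing three-field form of -G no longer satisfies this check, so current invocations would break. Accept a return of 3 or 4 and leave gmask at its default of 32 when the field is absent. gmask is also used as parsed: reject values outside 0..32 here so grey.c never receives an out-of-range prefix.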
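
The effect of keying the greylist on the sender's subnet instead of its address, as an added example that is not part of the original post or of spamd's code: a constructed four-host pool in one /24 retries a single message every 15 minutes against a 25-minute pass time. All names, addresses and timings are assumptions; the envelope-from and envelope-to parts of the tuple are held constant and left out, and entry expiry is not modelled.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_ENTRIES 64
/* Constructed sample: four pool members in one /24 (TEST-NET-1 addresses). */
static const char *POOL[] = { "192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13" };
struct grey_entry { uint32_t net; long first_seen; };
struct grey_db { struct grey_entry e[MAX_ENTRIES]; int n, prefix; long passtime; };

/* Mask a host-order IPv4 address; prefix 0 is handled without a 32-bit shift. */
uint32_t mask_addr(uint32_t addr, int prefix)
{
	if (prefix <= 0 || prefix >= 32)
		return prefix <= 0 ? 0 : addr;
	return addr & (0xffffffffu << (32 - prefix));
}

/* One delivery attempt: 1 = accepted, 0 = temporarily rejected, -1 = bad input. */
int grey_attempt(struct grey_db *db, const char *ip, long now)
{
	struct in_addr in;
	if (inet_pton(AF_INET, ip, &in) != 1)
		return -1;
	uint32_t net = mask_addr(ntohl(in.s_addr), db->prefix);
	for (int i = 0; i < db->n; i++)
		if (db->e[i].net == net)
			return now - db->e[i].first_seen >= db->passtime;
	if (db->n == MAX_ENTRIES)
		return -1;
	db->e[db->n++] = (struct grey_entry){ net, now };
	return 0;
}

/* The pool rotates senders on each retry; returns attempts needed, 0 if never accepted. */
int attempts_until_pass(int prefix, const char **pool, int npool, int tries, long retry, long pass)
{
	struct grey_db db = { .n = 0, .prefix = prefix, .passtime = pass };
	for (int k = 0; k < tries; k++)
		if (grey_attempt(&db, pool[k % npool], k * retry) == 1)
			return k + 1;
	return 0;
}

int main(void)
{
	printf("/32: %d tries, /24: %d tries\n", attempts_until_pass(32, POOL, 4, 8, 900, 1500),
	    attempts_until_pass(24, POOL, 4, 8, 900, 1500));
	return 0;
}
```

With a /32 key each pool member starts its own greylist entry, so the message is only accepted once the rotation returns to the first host; with a /24 key the second retry after the pass time is accepted regardless of which member sends it.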