Thread: Greylisting and a new approach ?

  1. #1
    uxbod is offline Moderator

    Recently I have been introduced to OSSEC (which is a great tool) and thought about a different use for it. It already has a decoder/ruleset for Postfix, so instead of issuing an iptables block from a command action, why not inject the source IP address into a greylisting table? OSSEC already has its own timeout capability, which could be used to delete the entry after a pre-determined time.

    Thoughts ?

  2. #2
    dave_kempe is offline Partner (VAR/HSP)

    If you are concerned about a host to use OSSEC, then maybe iptables is a better approach. Greylisting does not have the same door-slamming effect as simply dropping traffic from a suspect host.

  3. #3
    uxbod is offline Moderator

    Thanks for the response. I do not wish to "slam the door" but temporarily stem the inbound traffic from a bot or rooted server. I could just run a greyserver and let that apply the rules to all inbound traffic, though I have been burnt by that before. By using the method I have indicated it would only apply greylisting to specific inbound servers. Perhaps apply a 450 for 5 minutes, but keep track of the IP, and if they connect again within a certain time period steadily increase the greylisting time.
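
An added example, not part of the thread and not OSSEC or Postfix code: one reading of the scheme in post #3, written as the decision logic of a Postfix policy-delegation service that greylists only flagged IPs. The class and method names, the 30-minute repeat window and the 1-hour cap are assumptions; `flag` and `unflag` stand for whatever the log monitor's add and timeout events would call.

```python
BASE_DELAY = 300       # 5 minutes, the figure suggested in post #3
MAX_DELAY = 3600       # assumed ceiling for the escalating delay
REPEAT_WINDOW = 1800   # assumed "certain time period" for repeat offenders


class SelectiveGreylist:
    """Greylists only IPs reported by a log monitor; everyone else passes."""

    def __init__(self):
        self.active = {}    # ip -> time until which the IP gets a 450
        self.history = {}   # ip -> (last flag time, delay applied then)

    def flag(self, ip, now):
        """Monitor 'add' event (hypothetical hook for an active response)."""
        last, delay = self.history.get(ip, (None, 0))
        if last is not None and now - last <= REPEAT_WINDOW:
            delay = min(delay * 2, MAX_DELAY)   # repeat offender: escalate
        else:
            delay = BASE_DELAY                  # first offence or history aged out
        self.history[ip] = (now, delay)
        self.active[ip] = now + delay
        return delay

    def unflag(self, ip):
        """Monitor 'delete' event, fired when its own timeout expires."""
        self.active.pop(ip, None)   # history is kept so repeats still escalate

    def action(self, ip, now):
        """Postfix access(5) action for a connecting client."""
        if now < self.active.get(ip, 0):
            return "450 4.7.1 Greylisted, try again later"
        return "DUNNO"

    def handle_request(self, request, now):
        """Answer one Postfix policy-delegation request (name=value lines)."""
        attrs = dict(line.split("=", 1) for line in request.splitlines() if "=" in line)
        return "action=%s\n\n" % self.action(attrs.get("client_address", ""), now)


if __name__ == "__main__":
    gl = SelectiveGreylist()
    gl.flag("192.0.2.10", now=0)    # constructed sample: documentation address
    req = "request=smtpd_access_policy\nclient_address=192.0.2.10\n\n"
    print(gl.handle_request(req, now=60), end="")
    print(gl.handle_request(req, now=400), end="")
```

Because unflagged clients always get `DUNNO`, mail from every other server is never delayed, which is the difference from running a greylisting server over all inbound traffic.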
