spamd and whitelisting blocks of IPs - BSD

This is a discussion on spamd and whitelisting blocks of IPs - BSD ; I'm wondering if there's a way to have spamd automatically whitelist *blocks* of addresses? Why: various large email providers (gmail comes to mind) will resend the (greylisted) email on different outgoing SMTP servers. Since I don't get enough email to ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: spamd and whitelisting blocks of IPs

  1. spamd and whitelisting blocks of IPs

    I'm wondering if there's a way to have spamd automatically
    whitelist *blocks* of addresses?

    Why: various large email providers (gmail comes to mind) will
    resend the (greylisted) email on different outgoing SMTP servers.
    Since I don't get enough email to populate all the outgoing SMTP
    servers as whitelist entries, it's a pain. Also, I don't want to
    be micromanaging the email server to see which IP addresses are
    getting through and which ones aren't and manually adding them
    to the whitelist.

    How: I'd propose a flag on the command line, that gives the CIDR
    prefix (the "/nn" value) for blocks of addresses. So, you'd
    specify something like -X24 and this would basically view all
    ip addresses /24 as being "the same" for the purposes of
    whitelisting. Thus, an attempt on 1.2.3.4 and 1.2.3.5 would be
    considered as two attempts on the "same" IP address...

    Thoughts?

    Cheers,
    -RK

    --
    Robert Krten, Antique computer collector looking for PDP-series
    minicomputers; check out their "good home" at www.parse.com/~museum
    Email address is valid; greylisting spam filter in effect.

  2. Re: spamd and whitelisting blocks of IPs

    rk@parse.com (Robert Krten) writes:

    > I'm wondering if there's a way to have spamd automatically
    > whitelist *blocks* of addresses?


    spamd.conf(5) says:

    The format of the list of addresses is expected to consist of one network
    block or address per line (optionally followed by a space and text that
    is ignored). Comment lines beginning with # are ignored. Network blocks
    may be specified in any of the formats as in the following example:

    # CIDR format
    192.168.20.0/24
    # A start - end range
    192.168.21.0 - 192.168.21.255
    # As a single IP address
    192.168.23.1

    Is this not working?

    // marc

  3. Re: spamd and whitelisting blocks of IPs

    Marco S Hyman wrote:
    > rk@parse.com (Robert Krten) writes:


    > > I'm wondering if there's a way to have spamd automatically
    > > whitelist *blocks* of addresses?


    > spamd.conf(5) says:


    > The format of the list of addresses is expected to consist of one network
    > block or address per line (optionally followed by a space and text that
    > is ignored). Comment lines beginning with # are ignored. Network blocks
    > may be specified in any of the formats as in the following example:


    > # CIDR format
    > 192.168.20.0/24
    > # A start - end range
    > 192.168.21.0 - 192.168.21.255
    > # As a single IP address
    > 192.168.23.1


    > Is this not working?


    You missed the word "automatically" from my post... :-)

    Suppose 1.2.3.4 tries to send mail, and gets greylisted. 15 minutes later,
    the same ISP, but on a different SMTP server, say 1.2.3.5 tries to resend the
    mail. Then again on 1.2.3.6. After a few hours of going through all the
    SMTP servers, it gives up. The mail doesn't get delivered.

    What I'm proposing is to add the -X (or whatever) option that allows me
    to specify a CIDR block so that the addresses 1.2.3.4, 1.2.3.5, and 1.2.3.6
    are all "recognized" as if they were the same address -- that is, the third
    attempt, the one from 1.2.3.6, will cause the entire block to be whitelisted,
    automatically...

    Does that clarify it?

    I don't think it presents significant harm, because the default can be 32,
    meaning that each address is its own block. Even with a value of 24 that
    is usually ok, it will catch class C blocks and would solve my example
    problem of 1.2.3.4 through 1.2.3.6

    Cheers,
    -RK

    --
    Robert Krten, Antique computer collector looking for PDP-series
    minicomputers; check out their "good home" at www.parse.com/~museum
    Email address is valid; greylisting spam filter in effect.

  4. Re: spamd and whitelisting blocks of IPs

    Robert Krten wrote:
    > Marco S Hyman wrote:
    > > rk@parse.com (Robert Krten) writes:


    > > > I'm wondering if there's a way to have spamd automatically
    > > > whitelist *blocks* of addresses?


    > > spamd.conf(5) says:


    > > The format of the list of addresses is expected to consist of one network
    > > block or address per line (optionally followed by a space and text that
    > > is ignored). Comment lines beginning with # are ignored. Network blocks
    > > may be specified in any of the formats as in the following example:


    > > # CIDR format
    > > 192.168.20.0/24
    > > # A start - end range
    > > 192.168.21.0 - 192.168.21.255
    > > # As a single IP address
    > > 192.168.23.1


    > > Is this not working?


    > You missed the word "automatically" from my post... :-)


    And I may not have specified a key point -- I don't know the IP address
    in advance; otherwise, sure, like you surmized, I'd simply whitelist the
    entire class C address...

    [snip]

    Cheers,
    -RK
    --
    Robert Krten, Antique computer collector looking for PDP-series
    minicomputers; check out their "good home" at www.parse.com/~museum
    Email address is valid; greylisting spam filter in effect.

  5. Re: spamd and whitelisting blocks of IPs

    rk@parse.com (Robert Krten) writes:

    > You missed the word "automatically" from my post... :-)


    Ahh, got it. What I've done is use a variation of the list published on
    greylisting.org -- http://www.greylisting.org/whitelisting.shtml -- to
    seed my whitelist file. It contains the address blocks of some of the
    common mail pools.

    // marc

+ Reply to Thread