[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Preferred/maintained greylisting options?
From:       Ralph Seichter <abbot () monksofcool ! net>
Date:       2020-05-21 20:42:45
Message-ID: 87imgpkoje.fsf () wedjat ! horus-it ! com
[Download RAW message or body]

* Charles Sprickman:

> I've been sort of opposed to greylisting in the past due to a userbase
> that's sensitive to delays, but… the spam is worse.

Yeah, delays... Used to be people understood the difference between
asynchronous messaging (i.e. email) and instant messaging. Nowadays it
seems that no day goes by without somehing along these lines:

  "Hi. We have not seen you login using this browser, this IP address or
  during this week. Therefore we have just sent you an email containing
  a verification code, which will remain valid for 10 minutes."

Nevermind that the web session times out after 5 minutes, but hey, it's
the *thought* about security that counts. :-P

In any case, time-based greylisting croaks with this scenario. The
solution for our machines is Postscreen, for which I want to thank
Wietse once again on this occasion. The logs show a large number of
thwarted spam attempts while time-sensitive email passes unhindered.
Personally, I cannot think of a better solution when you are using
Postfix.

-Ralph
[prev in list] [next in list] [prev in thread] [next in thread]