OpenBSD Journal

Bolt-on blacklist/whitelist/graylist solution for Postfix

Contributed by grey on from the DIY postfix improvements dept.

Fred Scott Thompson writes:

Since OpenBSD ships with an older version of Postfix, I added the web form and CGI processing necessary to add black-, white- and graylisting to the mail delivery system, and modified my custom filter script to request that the recipient vouch for suspicious senders. A brief explanation and the code that does it is available here.

Readers should also make note of Postgrey, available in ports. Additionally, the ports tree has relatively up-to-date Postfix snapshots. And of course, there have been other greylisting stories mentioned previously for different MTAs.


  1. By Peter Hessler ( on

    god dammit, I absolutely *HATE* TMDA style solutions. those are worse than regular spam.

    1. By Peter Hessler ( on

      the rest of the article is fairly good though.

    2. By Matt ( on

      Excuse me for my ignorance... but what is TMDA?

      I don't think it's Tunisian Muscular Dystrophy Association...
      but do you mean Target Management and Development Application or Theory/Modeling & Data Analysis?



      1. By djm@ ( on

        Your ignorance would be excused if the first match on google for TMDA wasn't obviously what the article is talking about.

        1. By Matt ( on

          Absolutely... unfortunately, trying to be smarter than I just proved to be, I searched for "acronym + TMDA" which brought up the other suggestions.
          Hence my confusion.


          1. By Matt ( on

            ..and I just noticed it is also used for "Too Many Damn Acronyms" :-)

          2. By Anonymous Coward ( on

            there is for the lazy

        2. By jose ( on

          don't be a jerk, djm ... not everyone's as up to date as you are. you can correct and educate using more polite tactics.

    3. By djm ( on

      TMDA can be useful. E.g. I use it to allow non-subscribers to post to a mailing list. Subscribed users go straight-through, non-subscribers have a one-time challenge-response step. This is much lower hassle for users than subscribing to post and has reduced spam to zero since it was implemented (~4 months ago).

      I agree that it is awful when applied to individuals though.

      1. By Peter Hessler ( on

        Hmm. That's not that bad of an idea. Although, my mailing lists are low enough in traffic, that I can approve/deny them individually.

      2. By mirabile ( on

        One-time? lol, tell that djb

        Three posts to his mailing list, three challenges.
        That's worse than people blocking dial-ups and not offering v6.

        1. By Luiz Gustavo ( on

          If I remember well, someone wrote an application to take care of his TMDA-like system, and yes, it's annoying.

          1. By Han ( on

            Here it is:

  2. By chas ( on

    spamd can protect any mta. You could even run spamd, then let successful connects pipe through to a separate exchange server. Why reinvent the wheel?

    1. By Terrell Prude', Jr. ( on

      Because he can, and that's the way that *he* thought of to accomplish his goal. I see nothing wrong with having more than one solution to a problem; to the contrary, I love it. The fact that FreeBSD, NetBSD, OpenBSD, and GNU/Linux--all Free Software platforms--all exist and are thriving shows that this can be a very good thing. Since we're talking about mail servers, the fact that sendmail, Postfix, and qmail all exist is another such example.

      Pretty soon, we're going to have two major LDAP servers which are Free Software. The first is, of course, OpenLDAP. The second is the Apache Directory Server. Again, a good thing.

      Multiple minds/groups have always been better about coming up with efficient solutions. That's how science and technology advance; more than one idea comes up, and the best idea--for that task--tends to get used more often. What's wrong with that?

      1. By Chas ( on

        What's wrong with that?

        Because spamd a) has been audited, b) is efficient, and c) requires no action by the sender. Not so for the proposed code.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]