SMTP IP Address Blocking - Greylisting

Use this forum if you want to suggest a new feature to hMailServer. Before posting, please search the forum to confirm that it has not already been suggested.
Post Reply

Do you need this feature?

Yes
4
100%
No
0
No votes
 
Total votes: 4

tocpcs
New user
New user
Posts: 12
Joined: 2008-02-26 13:58

SMTP IP Address Blocking - Greylisting

Post by tocpcs » 2008-02-26 14:36

Hopefully the title is good.

What I have in mind is taking the greylisting database, and any IP that has predominantly been greylisted, should not be allowed to open connections.

This would basically be a method of ignoring connection requests from particular IPs so they can't connect.

The feature would require IPs to be logged to a file / database / stored in memory, and any IP that gets greylisted repeatedly will not be allowed to connect.

Feature should be able to be enabled / disabled as per choice.

The reason for this request is Australian bandwidth is expensive bandwidth, don't need spammers sucking it down with blocked greylisted attempts.

Reverse DNS might also be visible in a UI feature so that all blocked IP addresses and the reverse DNS, and the date of the block commencement can be viewed.

That is, unless there's a better idea to stop all the relay attempts, and stop the greylisted IPs coming back much later on and trying again (only to get greylisted again).

EDIT:

Found a better idea.
If a user creates n-or more errors in one SMTP connection, the game is over for them, any further communications should be denied.

This stops:
Authentication attacks.
Address guessing spam.
.. and anything else that can result in an error.

Adminstrator can view a UI item to see all blocked IPs, to ensure nothing bad has been blocked (so if its legitimate, and they view it within 24 hours, the email will generally be resent by the other server).

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2008-02-26 15:16

You can use this PHP script I wrote to search and view greylisting entries.

http://www.hmailserver.com/forum/viewtopic.php?t=6698

I agree some form of brute force/spam attempt protection would be useful although greylisting itself takes up little bandwidth and saves you a hell of a lot of bandwidth as opposed to not having it all.

redrummy
Senior user
Senior user
Posts: 370
Joined: 2007-06-21 06:52
Location: Alaska

Post by redrummy » 2008-02-26 18:56

Of course it would make it doubly important to have the big server farms (gmail/hotmail/yahoo/etc.) in your greylist whitelist (lots of different from addresses and IP's)...

Post Reply