[Gross] Excellent program [ feature requests ]

Jesse Thompson jesse.thompson at doit.wisc.edu
Mon Oct 27 21:36:54 EET 2008


Stefan Förster wrote:
> * Justin Piszcz <jpiszcz at lucidpixels.com> wrote:
>> For RHSBL checks, can we implement the following:
>> - client rhsbl checks (hostname of client)
>> - helo rhsbl checks (what the client says the helo=)
>> - sender rhsbl checks (I assume this is what it does by default)
>>
>> Similar to the following in postfix:
>> - reject_rhsbl_helo
>> - reject_rhsbl_client
>>
>> # 'block_threshold' is the threshold after which grossd sends
>> # a permanent error to the client. Every check that considers client_ip
>> # as suspicious returns a value (check weight). When sum of these
>> # values gets equivalent or greater than 'block_threshold', grossd
>> # sends a STATUS_BLOCK response. Default is 0, which disables
>> # this functionality.
>> # DEFAULT: block_threshold = 0
>> block_threshold = 4
>> - Would it be possible to block if in more than X number of RBLs as well,
>>    regardless of the score?
> 
> I was not confident that the additional logic implemented in grossd
> was a good thing[tm] when grossd came out first: Grossd is a fantastic
> greylisting software, and as such, development efforts should go into
> the two things that grossd really excels at: Greylisting and
> replicating the database - and only those two.
> 
> For things like scoring/weighting hits in DNSBLs, doing HELO/EHLO
> checks and so on, there are programs available which already have the
> functionality to do this: policyd (v2), postfwd and policyd-weight
> come to my mind. Especially postfwd with its semi Turing-complete
> configuration language is suited very well to return an action like
> "greylisting" and therefore invoke the named smtpd_restriction_class.
> Bloating grossd with the kind of stuff you are suggesting above is not
> a good idea, IMHO. Unix philosophy is "One tool, one job" - and that's
> for a _reason_.
> 
> Now this said, there might be reasons to do this for the people
> running grossd with Sendmail, SMSJ or other MTAs. For Postfix, all of
> this is completely unnecessary and better left to tools explicitly
> designed for the task.

If you take away the "scoring/weighting hits in DNSBLs, doing HELO/EHLO
checks and so on" GROSS would be only GRO.

The other programs you mention might be perfectly capable, but
weighted/conditional blacklisting/greylisting works better if you can
use multiple criteria in the calculation.  So, Gross would be better if
it either implements some of those features, or comes up with a way to
integrate with these programs.

Jesse

-- 
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM: jesse.thompson at doit.wisc.edu
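
Added example, not part of the original message and not grossd's own code: a sketch of the decision discussed in this thread, combining client, HELO and sender RHSBL hits into one weighted score compared against 'block_threshold', plus the requested "listed in at least X lists" rule. The zone names, listed domains, weights, the 'block_hit_count' parameter and the "NO_BLOCK" label are assumptions made for illustration; DNS lookups are replaced by a constructed in-memory table so it runs offline.

```python
from dataclasses import dataclass

# Constructed RHSBL data: zone -> listed domains (stands in for DNS queries).
RHSBL_ZONES = {
    "rhsbl-a.example": {"spam.example", "bulk.example"},
    "rhsbl-b.example": {"spam.example"},
}
# Assumed per-zone check weights.
ZONE_WEIGHTS = {"rhsbl-a.example": 2, "rhsbl-b.example": 1}

@dataclass
class Verdict:
    score: int   # sum of weights of all checks that hit
    hits: int    # number of (name, zone) listings found
    action: str  # "STATUS_BLOCK" or the placeholder "NO_BLOCK"

def parent_domains(name):
    """Return the name and its parents down to two labels (a.b.c -> a.b.c, b.c)."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def listed(name, zone):
    """True if the name or one of its parent domains is listed in the zone."""
    return any(d in RHSBL_ZONES[zone] for d in parent_domains(name))

def evaluate(client_host, helo, sender, block_threshold=4, block_hit_count=0):
    """Score client hostname, HELO name and sender domain against every zone.

    A value of 0 disables either rule, matching the documented default
    for block_threshold. block_hit_count is the hypothetical extra rule.
    """
    sender_domain = sender.rpartition("@")[2]  # empty for a null sender
    score = hits = 0
    for name in (client_host, helo, sender_domain):
        if not name:
            continue
        for zone, weight in ZONE_WEIGHTS.items():
            if listed(name, zone):
                score += weight
                hits += 1
    by_score = block_threshold > 0 and score >= block_threshold
    by_hits = block_hit_count > 0 and hits >= block_hit_count
    action = "STATUS_BLOCK" if (by_score or by_hits) else "NO_BLOCK"
    return Verdict(score, hits, action)
```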
