[nycbug-talk] greytrapping without greylisting?

Okan Demirmen okan at demirmen.com
Fri Nov 2 18:04:39 EDT 2007


On Fri 2007.11.02 at 14:25 -0700, Mark Sams wrote:
> Sorry I am such a noob at all this grey stuff that I am probably asking
> the wrong thing, or maybe you gave me the answer and I just don't
> understand. I have an email address
> 
> fishk at domain.com
> 
> (that never existed and is unused - it's not a valid address) that receives spam from spambots
> every day.  I would like to blacklist/trap the IP address that sent
> that email - as that same IP is sending hundreds of spam messages as well. I believe this is exactly what greytrapping does, but then
> I would have to enable greylisting which would cause all "normal"
> client emails to be delayed the first time when greylisting issues the
> 451 message. My clients wouldn't understand why some of their inbound emails are delayed.
> 
> Is there a simple way to blacklist/trap the ip that is sending to fishk at domain.com and I don't need greytrapping at all?

well, not with OpenBSD's spamd, or any port/derivative of it. there may
be a milter of sorts out there that may do this.

but if you want to do something on your own; you could use the access_db
to reject the mail, parse the mail log every X minutes (or with sec to
do realtime) and look for rejected mails and grab the ip.  toss that in
a pf table and now you can block on it; then use pfctl's expire option
to limit how long that will stick around.

note i mentioned "sec" - this is a VERY handy tool, and something that
would be able to take care of all these steps for you (apart from 1000's
of other uses).

there are other ways to do this, e.g. using relaydb and some other
combinations of hacks.

i don't know of a "standard"/"boxed" way of doing what you want.

report back if you come up with a nifty solution.

cheers,
okan
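
The steps described in the reply above (reject at access_db, scan the mail log for those rejects, put the IPs in a pf table, expire old entries), as an added example that is not part of the original post. The sendmail-style log lines are constructed, and the table name `spamtrap`, the 24-hour expiry and the pf.conf lines in the comment are assumptions; the script only prints the pfctl commands it would run.

```shell
TRAP_ADDR='fishk@domain.com'   # the never-valid address from the thread
PF_TABLE='spamtrap'            # hypothetical pf table name
EXPIRE_SECS=86400              # hypothetical retention: 24 hours
# Assumed pf.conf lines (not from the post):
#   table <spamtrap> persist
#   block in quick proto tcp from <spamtrap> to any port smtp

# Constructed sample log: sendmail-style check_rcpt rejections (assumed format).
sample_log() {
cat <<'EOF'
Nov  2 14:20:01 mx sm-mta[1201]: lA2IK1a1001201: ruleset=check_rcpt, arg1=<fishk@domain.com>, relay=[192.0.2.45], reject=550 5.7.1 <fishk@domain.com>... Access denied
Nov  2 14:20:07 mx sm-mta[1202]: lA2IK7a1001202: from=<alice@example.org>, size=2048, nrcpts=1, relay=mail.example.org [198.51.100.7]
Nov  2 14:21:13 mx sm-mta[1203]: lA2ILDa1001203: ruleset=check_rcpt, arg1=<FishK@Domain.com>, relay=dsl.example.net [203.0.113.9], reject=550 5.7.1 <FishK@Domain.com>... Access denied
Nov  2 14:21:40 mx sm-mta[1204]: lA2ILea1001204: ruleset=check_rcpt, arg1=<nobody@domain.com>, relay=[198.51.100.200], reject=550 5.1.1 <nobody@domain.com>... User unknown
Nov  2 14:22:02 mx sm-mta[1205]: lA2IM2a1001205: ruleset=check_rcpt, arg1=<fishk@domain.com>, relay=[192.0.2.45], reject=550 5.7.1 <fishk@domain.com>... Access denied
Nov  2 14:22:30 mx sm-mta[1206]: lA2IMUa1001206: ruleset=check_rcpt, arg1=<fishk@domain.com>, relay=[999.1.1.1], reject=550 5.7.1 <fishk@domain.com>... Access denied
EOF
}

# Read a mail log on stdin; print each distinct, well-formed IPv4 address
# whose RCPT to the trap address was rejected (address match ignores case).
trap_ips() {
    awk -v addr="$TRAP_ADDR" '
        BEGIN { want = "arg1=<" tolower(addr) ">," }
        index(tolower($0), want) && /reject=/ {
            # The relay field ends in [a.b.c.d]; keep only the bracketed part.
            if (match($0, /relay=[^,]*\[[0-9.]+\]/)) {
                r = substr($0, RSTART, RLENGTH)
                sub(/^.*\[/, "", r); sub(/\]$/, "", r)
                n = split(r, o, "."); ok = (n == 4)
                for (i = 1; i <= n; i++) if (o[i] == "" || o[i] + 0 > 255) ok = 0
                if (ok && !seen[r]++) print r
            }
        }'
}

# Dry run: turn IPs on stdin into pfctl commands, then age out old entries.
pf_commands() {
    while read -r ip; do
        echo "pfctl -t $PF_TABLE -T add $ip"
    done
    echo "pfctl -t $PF_TABLE -T expire $EXPIRE_SECS"
}

sample_log | trap_ips | pf_commands
```

To use it for real, feed `trap_ips` the live mail log from cron and pipe the printed commands to `sh` as root; check the output first so your own relays never land in the table.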


