GPS vs GLD (greylisting)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
31 messages Options
12
Reply | Threaded
Open this post in threaded view
|

GPS vs GLD (greylisting)

Arturo 'Buanzo' Busleiman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear group,

I want to get away from postgrey.

I have two choices:
http://www.gasmi.net/gld.html
http://mimo.gn.apc.org/gps/

GLD is in Gentoo AND Ubuntu Server's repositories.
GPS is not, but seems quite better.

Any comments?

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH0PhAlpOsGhXcE0RCtAFAJ9/lsCFHP0n6CSfNOMMGI/RD2WTkwCfSmsJ
9FWsv2Iz6rdmKsBqOO3b0Zk=
=KhL4
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Leonardo Rodrigues Magalhães


Arturo 'Buanzo' Busleiman escreveu:
>
> I want to get away from postgrey.
>
> I have two choices:
> http://www.gasmi.net/gld.html
> http://mimo.gn.apc.org/gps/
>
    dont forget to check policyd !!

http://policyd.sourceforge.net

    cant say anything about GPS because i never used. I have used gld
for some time, but it simply couldnt handle medium to high loads. I
would recommend avoid gld.

--


        Atenciosamente / Sincerily,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        Minha armadilha de SPAM, NÃO mandem email
        [hidden email]
        My SPAMTRAP, do not email it




Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Ralf Hildebrandt
In reply to this post by Arturo 'Buanzo' Busleiman
* Arturo 'Buanzo' Busleiman <[hidden email]>:
> Dear group,
>
> I want to get away from postgrey.

Why? Does it work too well? Blasphemer! :)

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
The best answer when anybody asks you if you're any good with
explosives is to hold up two open hands and simply say "Ten".
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Tony Holmes
In reply to this post by Leonardo Rodrigues Magalhães
> Arturo 'Buanzo' Busleiman escreveu:
> >
> >I want to get away from postgrey.
> >
> >I have two choices:
> >http://www.gasmi.net/gld.html
> >http://mimo.gn.apc.org/gps/
> >
>    dont forget to check policyd !!
>
> http://policyd.sourceforge.net

My hearty agreement with policyd - super easy to set up and
works amazingly.

--
Tony Holmes

Ph: (416) 993-1219

Founder and Senior Systems Architect
Crosswinds Internet Communications Inc.
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Jason Pruim
In reply to this post by Arturo 'Buanzo' Busleiman

On May 5, 2008, at 1:29 PM, Arturo 'Buanzo' Busleiman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Dear group,
>
> I want to get away from postgrey.
>
> I have two choices:
> http://www.gasmi.net/gld.html
> http://mimo.gn.apc.org/gps/
>
> GLD is in Gentoo AND Ubuntu Server's repositories.
> GPS is not, but seems quite better.
>
> Any comments?

Not one you listed, but have you looked at ASSP[1]? Works great on my  
server and offers more then greylisting.

[1]http://www.asspsmtp.org/wiki/Welcome

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[hidden email]



Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Arturo 'Buanzo' Busleiman
In reply to this post by Ralf Hildebrandt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Ralf Hildebrandt wrote:
| * Arturo 'Buanzo' Busleiman <[hidden email]>:
|> Dear group,
|>
|> I want to get away from postgrey.
|
| Why? Does it work too well? Blasphemer! :)

It works great, except that it's Perl based, and Gentoo and Ubuntu started experiencing certain
issues with libdb4.4 applications. I know it's not postgrey's fault, I really do, but I also want
something not perl-based.

GPS is C++ based, and can use postgresql, mysql and sqlite. And it's designed for ISPs. For example,
frm the start-up, you can configure many server instances of it to share the same greylisting
database. Quite cool.

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH0pcAlpOsGhXcE0RColiAJsEyhXJkiD+k0mY3XaJIBAEVJ9yeACeLANF
1pqnSz5+CORK9gvFGlwcgok=
=veq8
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Tony Holmes
In reply to this post by Jason Pruim
> Not one you listed, but have you looked at ASSP[1]? Works great on my  
> server and offers more then greylisting.
>
> [1]http://www.asspsmtp.org/wiki/Welcome

I used it once with disastrous results on a cpanel and non-cpanel server.

I don't blame ASSP per se but when I could get policdy up and tweaked in
minutes and working and failed to get ASSP (with help from forums and author)
I never looked back - YMMV

--
Tony Holmes

Ph: (416) 993-1219

Founder and Senior Systems Architect
Crosswinds Internet Communications Inc.
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Jason Pruim

On May 5, 2008, at 1:58 PM, Tony Holmes wrote:

>> Not one you listed, but have you looked at ASSP[1]? Works great on my
>> server and offers more then greylisting.
>>
>> [1]http://www.asspsmtp.org/wiki/Welcome
>
> I used it once with disastrous results on a cpanel and non-cpanel  
> server.
>
> I don't blame ASSP per se but when I could get policdy up and  
> tweaked in
> minutes and working and failed to get ASSP (with help from forums  
> and author)
> I never looked back - YMMV

That's really odd... I wonder if the cpanel version is different? I  
had mine setup and running in minutes, and filtering probably 90%  
right out of the box...


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[hidden email]



Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Arturo 'Buanzo' Busleiman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jason Pruim wrote:
| That's really odd... I wonder if the cpanel version is different? I had
| mine setup and running in minutes, and filtering probably 90% right out
| of the box...

I'd prefer to avoid ASSP (or Hermes, I mentioned it last week). I think I'll choose GPS, even though
it's not in any package repository.

Thanks group!

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH02qAlpOsGhXcE0RCvrBAJ41r8ZeJHBfQ3T+xaDsgD39HfxbqQCcC6oD
7GiaVRJUB4xGbYCbLU4GDGs=
=YYg/
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Aaron Wolfe

On Mon, May 5, 2008 at 2:10 PM, Arturo 'Buanzo' Busleiman <[hidden email]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jason Pruim wrote:
| That's really odd... I wonder if the cpanel version is different? I had
| mine setup and running in minutes, and filtering probably 90% right out
| of the box...

I'd prefer to avoid ASSP (or Hermes, I mentioned it last week). I think I'll choose GPS, even though
it's not in any package repository.

Thanks group!


Did you consider sqlgrey? http://sqlgrey.sourceforge.net/
Works good for me, but I wonder if another system might work even better?

-Aaron

Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

mouss-2
Aaron Wolfe wrote:
> [snip]
>
> Did you consider sqlgrey? http://sqlgrey.sourceforge.net/
> Works good for me, but I wonder if another system might work even better?
>
>  

Arturo doesn't want perl/python/php/...

policyd is a good choice. It's a mono-thread/process daemon  written in
C, and has been in ISP environments.

Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Tony Holmes
In reply to this post by Jason Pruim
> That's really odd... I wonder if the cpanel version is different? I  
> had mine setup and running in minutes, and filtering probably 90%  
> right out of the box...

I attempted both a cpanel and non-cpanel install but failed miserably -
cpanel uses exim, my other systems use postfix - I was hoping to use
ASSP for the nice panel for management but it was only getting about
50% of the spam and tagging about 30% of non-spam as spam... was
not good :)

Since it was on 2 systems I have to chock it up to maybe getting a
bad build OR doing the same stupid thing twice :)

Who knows?

But as I said I dropped back to postfix+policyd+SA/ClamAV and have not
looked back since it took a very short period of time. 97% of spam is
nailed by policyd, SA/Clamv is very good at getting the rest.

--
Tony Holmes

Ph: (416) 993-1219

Founder and Senior Systems Architect
Crosswinds Internet Communications Inc.
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Ralf Hildebrandt
In reply to this post by Arturo 'Buanzo' Busleiman
* Arturo 'Buanzo' Busleiman <[hidden email]>:

> It works great, except that it's Perl based, and Gentoo and Ubuntu
> started experiencing certain issues with libdb4.4 applications. I know
> it's not postgrey's fault, I really do, but I also want something not
> perl-based.

Granted.

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Usenet should require licenses; licenses that can be revoked.
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

dryden
In reply to this post by Arturo 'Buanzo' Busleiman
On Monday 05 May 2008 13:56:44 Arturo 'Buanzo' Busleiman wrote:

> Ralf Hildebrandt wrote:
> | * Arturo 'Buanzo' Busleiman <[hidden email]>:
> |> Dear group,
> |>
> |> I want to get away from postgrey.
> |
> | Why? Does it work too well? Blasphemer! :)
>
> It works great, except that it's Perl based, and Gentoo and Ubuntu started
> experiencing certain issues with libdb4.4 applications. I know it's not
> postgrey's fault, I really do, but I also want something not perl-based.

I've had reasonable luck with SQLGrey using sqlite on Gentoo.  I should note
that I don't run a high-volume mail installation though.
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Arturo 'Buanzo' Busleiman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

[hidden email] wrote:
| I've had reasonable luck with SQLGrey using sqlite on Gentoo.  I should note
| that I don't run a high-volume mail installation though.

I process approximately 5 thousand emails per day (10-12k total, taking into account all two servers).

Is that high, mid, or low volume?


- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH6moAlpOsGhXcE0RCk66AJ4wBitWThM9z2nxcs8Fjk9nOlQDcQCfRYNi
TyevPGIAbIk9NZ9ghRoNouY=
=7tTX
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Aaron Wolfe


On Mon, May 5, 2008 at 8:43 PM, Arturo 'Buanzo' Busleiman <[hidden email]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


[hidden email] wrote:
| I've had reasonable luck with SQLGrey using sqlite on Gentoo.  I should note
| that I don't run a high-volume mail installation though.

I process approximately 5 thousand emails per day (10-12k total, taking into account all two servers).

Is that high, mid, or low volume?


I think low volume.  I use SQLgrey, postfix, etc to process about 400 thousand messages per day with a single server, and I usually consider that a smaller installation.

-Aaron
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Arturo 'Buanzo' Busleiman
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Aaron Wolfe wrote:
| I think low volume.  I use SQLgrey, postfix, etc to process about 400
| thousand messages per day with a single server, and I usually consider
| that a smaller installation.

Excellent. With what hardware do you process that amount? I really appreciate your input.


- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH7QHAlpOsGhXcE0RCitgAJ466Zkjh7KK+ZLgreK5xz8eAV2RBwCeKRw3
gD433Y4TrnA+O6Ppoi7IzgQ=
=Iz0D
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Aaron Wolfe


On Mon, May 5, 2008 at 9:27 PM, Arturo 'Buanzo' Busleiman <[hidden email]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Aaron Wolfe wrote:
| I think low volume.  I use SQLgrey, postfix, etc to process about 400
| thousand messages per day with a single server, and I usually consider
| that a smaller installation.

Excellent. With what hardware do you process that amount? I really appreciate your input.


we use a pretty basic server:  hp dl380 (g4 or 5.. not sure, its a few yrs old though) with 2x 3ghz xeons and 4gb ram.  it does have the 64xx raid controller but that probably isn't necessary.   load is 3-5 average during the day,  normal I think for a busy 2x dual core machine (it thinks it has 4 cpus). the load is primarily due to using SA on the mail that gets past all the uce checks in postfix/sqlgrey. 

 regards,
Aaron



- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH7QHAlpOsGhXcE0RCitgAJ466Zkjh7KK+ZLgreK5xz8eAV2RBwCeKRw3
gD433Y4TrnA+O6Ppoi7IzgQ=
=Iz0D
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Ralf Hildebrandt
In reply to this post by Arturo 'Buanzo' Busleiman
* Arturo 'Buanzo' Busleiman <[hidden email]>:
> [hidden email] wrote:
> | I've had reasonable luck with SQLGrey using sqlite on Gentoo.  I should note
> | that I don't run a high-volume mail installation though.
>
> I process approximately 5 thousand emails per day (10-12k total, taking into account all two servers).
>
> Is that high, mid, or low volume?

I'd say it's low volume. I have about 45.000 per server here and I
consider myself "mid volume"

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
"I had a fortune cookie the other day and it said: 'Outlook not so
good'. I said: 'Sure, but Microsoft ships it anyway'."
Reply | Threaded
Open this post in threaded view
|

Re: GPS vs GLD (greylisting)

Simone Felici
In reply to this post by Arturo 'Buanzo' Busleiman
Arturo 'Buanzo' Busleiman ha scritto:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Dear group,
>
> I want to get away from postgrey.
>
> I have two choices:
> http://www.gasmi.net/gld.html
> http://mimo.gn.apc.org/gps/
>
> GLD is in Gentoo AND Ubuntu Server's repositories.
> GPS is not, but seems quite better.
>
> Any comments?
>


Hi!

I use GPS, why?

- It's in C++ (ok, maybe perl works better)
- I've installed it on another server and can share the greylist DB to my 3 frontend servers
- My postfix installation (2.3.3-2) cannot handle a down of MySQL DB (it's still so with new postfix?). It means if the greylist-DB goes down, postfix
stop to work. With GPS the daemon answer with a DUNNO if the server is not reachable, very important for me for a fail-over installation

My servers process more or less 6.500.000 mails per day. Of them ONLY 170.000 mails are accepted, the rest is, in order:
- blocked by RBLs (65%)
- blocked by greylist (30%)
- blocked by other causes (not found, mailbox full, other reasons) (5%)

My front-end servers are poor on HW, need to replace them (Celeron 2GHz - 1GB RAM).
Same Hardware on my greylist server. This needs to be replaced asap, because the daily DB maintenance (remove old greylist entries) takes about 3 or 4
hours. Meanwhile all mails are *not* checked with greylist service.

I've tested different solutions too, but I think GPS is the ONLY can handle multiple client istances (share DB) and have a right answer in case the
DB-Server is not reachable.

Hope it helps,

Bye, Simon




--
Simone Felici                    E-Mail: [hidden email]
Divisione Tecnica                Tel:    0461 030 111
Alpikom S.p.A.                   Fax:    0461 030 112
v.Fersina, 23 - 38100 Trento     URL:    http://www.alpikom.it
12