Tor wrote:
>Instead, I set "return_path" to:
> <sender>=<receiver>=<receiver.domain>=<hmac/md5
>signature>@<sender.domain>
>
This will do the trick with greylisting... But there is a but coming...
But unless you can make sure that those tokens are never exposed,
you are going to become vulnerable again (just look for spam that is
addressed to email/usenet message IDs).
Possible/likely leaks are mailing list archives and even more in this
day and age compromised machines of people you communicated with.
Given the the increasingly close proximity of spammers and worm/virus
authors a rather plausible scenario.
OTOH, this is really as good as it gets w/o shooting yourself in the
(plain) greylisted foot.
Regards,
Christian Balzer
--
Christian Balzer Network/Systems Engineer NOC
chibi@??? Global OnLine Japan/Fusion Network Services
http://www.gol.com/
