Re: [exim] greylisting question

Top Pagina
Delete this message
Reply to this message
Auteur: John W. Baxter
Datum:  
Aan: Exim User's Mailing List
Onderwerp: Re: [exim] greylisting question
On 12/30/2004 2:06, "Marc MERLIN" <marc_news@???> wrote:

> On Thu, Dec 30, 2004 at 03:27:26PM +1100, Andrew wrote:
>> Hi Everyone,
>>
>> I have a question about how grey-listing handles multiple rcpt's (to a
>> single address) -
>>
>> eg (SMTP transaction)
>> helo me.me
>> ...
>> mail from: me@???
>> ....
>> rcpt to: userx@???
>> rcpt to: usery@???
>> rcpt to: userxy@???
>
> I actually made the choice in my implementation (based on SpamAssassin),
> to accept the mail if any of the tuplets made with the receipients is
> whitelisted.
> Not only does it solve your problem, but I also believe it is the
> correct thing to do: greylisting isn't about delaying mail no matter
> what, but to stop spam.
> If one of the tuplets already received mail, the sending mail server
> will resend to all the other ones sooner or later, so you might as well
> accept it now
>

Hmmm...that isn't a bad idea. (In our greylisting implementation, the
recipients before the whitelisted recipient would already have been
rejected...we could stop checking upon seeing a success fairly easily.)

Your idea is vulnerable to a spammer which doesn't retry, but did happen to
send a second message whose tuple matches a prior message to at least one of
your users before the expiration time you use. After a multi-recipient
message accepted by your rules, you would have tuples for every recipient in
your database (unless you explicitly avoid doing that).

--John