On Sun, 30 Jan 2005 19:52:31 -0800
Marc MERLIN <marc_news@???> wrote:
> On Thu, Jan 20, 2005 at 02:43:12PM +0000, Dennis Davis wrote:
> > On Thu, 20 Jan 2005, Oliver Egginger wrote:
> >
> > > From: Oliver Egginger <oliver.egginger@???>
> > > To: Jeanne Schock <jschock@???>
> > > Cc: Exim User's Mailing List <exim-users@???>
> > > Date: Thu, 20 Jan 2005 15:33:05 +0100
> > > Subject: Re: [exim] greylisting
> > >
> > > You have to implement an additional state machine, which coexists
> > > in front of your MTA. For doing this you need a database (mysql
> > > for example) where you can store a triple of ip address, sender
> > > address and recipient address for incomming connections.
> >
> > See:
> >
> > http://projects.puremagic.com/greylisting/
> >
> > for a useful source of material. In particular the links page
> > contains pointers to various implementations for exim. Can't
> > comment any further as I don't use greylisting.
>
> I apologize for everyone who already knows about this :)
>
> http://marc.merlins.org/linux/exim/sa.html#greylisting
>
> The main idea is that I don't think you want to greylist everyone, and
> greylisting at RCPT TO causes some problems with VERP, so you only
> greylist people who you're not sure are spammers or good folks.
>
> Out of curiosity, does anyone know of other adaptive greylisting
> implementations (i.e. you let most mails through without delay, refuse
> the clear spammers right away, and only greylist people in the middle)
I have a resend boolean field. That way the if the email is resent, it
is never greylisted again. Of course that is only good for that
recipient. Also the IP field uses x.x.x.0/24 to account for the fact
that many companies send mail from multiple IPs. I agree that
greylisting can be quite restrictive. I lowered the time interval to 5
minutes because I noticed that most spammers never resend.
