Re: [exim] Extending greylisting

Author: Richard Clayton
Date:
To: exim-users
Subject: Re: [exim] Extending greylisting
In message <20060118161208.0279b55c@???>, Alun
<auj@???> writes

>I've had an idea that could make greylisting more useful
>in the presence of spammers that retry. I thought I'd publicise
>it somewhere to see what people think.


why not on an anti-spam mailing list? here it's hit and miss whether
you get good advice or not :(

>Spammers are starting to use retries to get around the greylisting
>system


of course they are, too many people have deployed it. It was only ever a
bodge -- and it has a number of problems when the sender doesn't operate
in a mainstream manner :(

>For RCPT commands, record in a database the sender, recipient, IP,
>time first seen and status. Do this for all valid and invalid senders
>and recipients. "status" is "GOOD" or "BAD", for existing or
>non-existing local recipient addresses respectively. If you want
>to be cute, you could also record "BAD" for non-existent senders,
>using whatever sender verification procedures you care to.
>
>Now, when a host retries, you can query its (attempted) submission
>history to get an idea of its intentions.


What you will do is to block major ISP mail systems, because they have
insecure customers and are therefore sending you a lot of spam.

Unfortunately they are also sending you a lot of good stuff as well, but
you will assume that it is spam.

Now that may suit you, but you're just creating headaches (and queues)
for everyone else, so overall I don't think it's a very good idea. At
least with greylisting the advice is that once a remote site has retried
once it is dumb to keep on delaying them because they are either one of
the good guys or they are wise to your subterfuge. Either way, you're
wasting your time (and delaying your customer's email) by continuing to
greylist them.

>In fact, any host with a high count of new addresses in the past
>few minutes may well be suspect.


or lots of your students have joined the same mailing list :( or
major.isp has moved their email server to a new IP address....

-- 
richard                                                   Richard Clayton


Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
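
Added example (not part of the original message, and not Exim configuration): a Python/sqlite3 model of the RCPT history table proposed in the quoted text, run over constructed traffic from one shared ISP relay. It shows the objection raised in the reply: plain greylisting accepts the legitimate retry, while the per-host history check marks the same relay suspect. The thresholds, addresses and function names are assumptions.

```python
import sqlite3

GREYLIST_DELAY = 300   # assumed: seconds before a retried triplet is accepted
BAD_RATIO_LIMIT = 0.5  # assumed threshold for the proposed history check

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rcpt_log (ip TEXT, sender TEXT, rcpt TEXT, "
               "first_seen INTEGER, status TEXT, "
               "PRIMARY KEY (ip, sender, rcpt))")
    return db

def record_rcpt(db, ip, sender, rcpt, now, local_users):
    """Log every RCPT, valid or not; a retry keeps the original first_seen."""
    status = "GOOD" if rcpt in local_users else "BAD"
    db.execute("INSERT OR IGNORE INTO rcpt_log VALUES (?, ?, ?, ?, ?)",
               (ip, sender, rcpt, now, status))
    return status

def plain_greylist(db, ip, sender, rcpt, now):
    """Classic rule: defer a new triplet, accept it once retried after the delay."""
    row = db.execute("SELECT first_seen FROM rcpt_log "
                     "WHERE ip = ? AND sender = ? AND rcpt = ?",
                     (ip, sender, rcpt)).fetchone()
    return "accept" if row and now - row[0] >= GREYLIST_DELAY else "defer"

def history_verdict(db, ip):
    """Proposed extension: judge the whole host by its share of BAD recipients."""
    total, bad = db.execute("SELECT COUNT(*), COALESCE(SUM(status = 'BAD'), 0) "
                            "FROM rcpt_log WHERE ip = ?", (ip,)).fetchone()
    return "suspect" if total and bad / total > BAD_RATIO_LIMIT else "ok"

def demo():
    db = open_db()
    users = {"alice@example.org", "bob@example.org"}   # constructed local users
    relay = "192.0.2.25"   # constructed: one ISP relay shared by many customers
    traffic = [("carol@isp.example", "alice@example.org"),   # legitimate mail
               ("dave@isp.example", "bob@example.org")]
    traffic += [(f"bot{i}@isp.example", f"guess{i}@example.org")  # infected PCs
                for i in range(4)]
    for sender, rcpt in traffic:
        record_rcpt(db, relay, sender, rcpt, 0, users)
    # Carol's message is retried 10 minutes later by the same relay.
    retry = plain_greylist(db, relay, "carol@isp.example", "alice@example.org", 600)
    return retry, history_verdict(db, relay)

if __name__ == "__main__":
    print(demo())
```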