Author: John W. Baxter Date: To: exim-users Subject: Re: [exim] SPAM Filtering - Losing the war!
On 10/26/06 5:58 AM, "Ian FREISLICH" <if@???> wrote:
> Here, the greylist feeds a whitelist because any host that passes
> the greylist test need not ever be greylisted again.
We didn't want to go that way, because of "accidental" passing of the
greylisting (the engine trying again within expiration time). We saw a
bunch of that just under a year ago with THAT VIRUS (whatever its names
were--the fairly convincing FBI, etc thing).
It may be time to revisit that, but perhaps using a count of the passed
messages after the initial greylist pass. (Our database could be mined for
that pretty easily. Hmmm.)
[We rolled our own greylisting when we started, since none of the available
solutions seemed robust at that time. Our Python daemon which does the work
has an unkown mean time between crashes, since the servers are restarted too
often for security updates for us to see daemon crashes.]