Re: [exim] greylisting

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: David Woodhouse
Data:  
Para: Ian P. Christian
CC: exim users
Assunto: Re: [exim] greylisting
On Thu, 2009-06-11 at 13:41 +0100, Ian P. Christian wrote:
> 2009/6/8 David Woodhouse <dwmw2@???>:
> > I'd suggest reading http://wiki.exim.org/SimpleGreylisting -- the prose
> > sets out some things that you may want to think about regardless of
> > which greylisting implementation you use, and then there's an example
> > Exim configuration which shouldn't suffer most of the stupid problems
> > that postgrey does.
>
> There's actually a flaw in this implementation here.


Er, thanks for dropping me from Cc when you criticize my work...! :)

> # Generate a hashed 'identity' for the mail, as described above.
> warn set acl_m_greyident =
> ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
>
> Because it's common at the moment to get a mail to someone sent from
> their own address without a message ID, hash clashes occour.


Yeah, at the time I first implemented this I was just rejecting all mail
without a Message-Id, so it wasn't much of an issue.

> I'm currently not sure of the best way to deal with this - perahps
> adding the Subject line into the hash...


That seems like it would be a reasonable thing to do. Is it enough,
though? A lot of spam messages have the same subject line too.

What else could we include -- bearing in mind that we have to be sure
that it _won't_ get changed by the sending MTA between retry attempts. I
suppose we could use the full From:, To: and Cc: headers -- and maybe
also the Date: header?

> Perhaps I should just block mail sent from someone, to themselves,
> with a null message ID.


You could use PRVS and just reject _all_ mail which is faked to appear
as if it's from your own addresses, surely?

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@???                              Intel Corporation