Re: [exim] greylisting

Top Page
Delete this message
Reply to this message
Author: Dmitry Samersoff
Date:  
To: David Woodhouse
CC: exim users, Ian P. Christian
Subject: Re: [exim] greylisting
David,

I think SQL for graylist is totally overkill.

Check this implementation:
http://www.beastsoft.net/cgi-bin/hg/hgwebdir.cgi/greyd/

-Dmitry

David Woodhouse wrote:
> On Thu, 2009-06-11 at 13:41 +0100, Ian P. Christian wrote:
>> 2009/6/8 David Woodhouse <dwmw2@???>:
>>> I'd suggest reading http://wiki.exim.org/SimpleGreylisting -- the prose
>>> sets out some things that you may want to think about regardless of
>>> which greylisting implementation you use, and then there's an example
>>> Exim configuration which shouldn't suffer most of the stupid problems
>>> that postgrey does.
>> There's actually a flaw in this implementation here.
>
> Er, thanks for dropping me from Cc when you criticize my work...! :)
>
>> # Generate a hashed 'identity' for the mail, as described above.
>> warn set acl_m_greyident =
>> ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
>>
>> Because it's common at the moment to get a mail to someone sent from
>> their own address without a message ID, hash clashes occour.
>
> Yeah, at the time I first implemented this I was just rejecting all mail
> without a Message-Id, so it wasn't much of an issue.
>
>> I'm currently not sure of the best way to deal with this - perahps
>> adding the Subject line into the hash...
>
> That seems like it would be a reasonable thing to do. Is it enough,
> though? A lot of spam messages have the same subject line too.
>
> What else could we include -- bearing in mind that we have to be sure
> that it _won't_ get changed by the sending MTA between retry attempts. I
> suppose we could use the full From:, To: and Cc: headers -- and maybe
> also the Date: header?
>
>> Perhaps I should just block mail sent from someone, to themselves,
>> with a null message ID.
>
> You could use PRVS and just reject _all_ mail which is faked to appear
> as if it's from your own addresses, surely?
>



--
Dmitry Samersoff
dms@???, http://devnull.samersoff.net
* There will come soft rains ...