[Greylist-users] Re: A Greylisting idea.

Evan Harris eharris at puremagic.com
Sun Jun 22 15:47:16 PDT 2003


> I read your paper and I like the idea, and was in fact thinking of
> implementing a simplified version of it before I saw your paper.

Thanks for the feedback.  Please join the users list to participate in the
discussions there at http://lists.puremagic.com/.  I am forwarding your
message there, as well as this response.

> First, lists.  There's a perl module which is quite effective at
> determining if an email came from a list by examining the headers.
> Admittedly, you won't have the headers the first time an email is
> delivered, but you can have the MTA detect it on retry, and have the
> milter module add a wildcard entry permanently whitelisting that mailing
> list.

The key problem with that approach is that anything in the headers can be
easily forged.  Since the code is open, once spammers become wise to this
method, they can easily adapt their mail headers to take advantage of this.

> Adding wildcards to the database shouldn't be hard, just do it in
> the sendmail method and have the first lookup check for
> "fromfield IN ('senderuser@senderdomain','@senderdomain')".  Does that

The example code already allows manual whitelisting by IP, subnet, full
recipient address, domain, and subdomain.

> Second, the MTA that blows out if all the RCPT TO:s fail:  What MTA is
> that?  I've only seen spamware fall down that way.  Have you considered
> having the milter code override the error code if RCPT TO:s failed?  Is it
> even possible to do this using the milter interface?

I've noticed at least one system where this happens, and I've been trying to
get in contact with the administrator of the system that sent it to find out
about what their mail system is, but no luck yet.

Evan
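
Added example, not part of the original message or of the greylisting example code: a Python sketch contrasting a whitelist keyed on what the receiving MTA observes itself (client IP or subnet, recipient address, domain, subdomain) with list detection based on message headers, which the sender writes. The header names checked, the whitelist entries, the reading of "domain" as the recipient's domain, and the sample message are all assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string

# Hypothetical manual whitelist entries (constructed sample data).
WHITELIST_NETS = [ipaddress.ip_network("192.0.2.0/24"),      # subnet
                  ipaddress.ip_network("198.51.100.7/32")]   # single IP
WHITELIST_RCPTS = {"postmaster@example.org"}                 # full recipient address
# Assumption: "domain" means the recipient's domain; subdomains match too.
WHITELIST_DOMAINS = {"lists.example.org"}

def is_whitelisted(client_ip, rcpt):
    """Match only on values the receiving MTA sees or controls itself."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in WHITELIST_NETS):
        return True
    rcpt = rcpt.lower()
    if rcpt in WHITELIST_RCPTS:
        return True
    domain = rcpt.rpartition("@")[2]
    return any(domain == d or domain.endswith("." + d) for d in WHITELIST_DOMAINS)

def looks_like_list(raw_message):
    """Header-based list detection: every input here is written by the sender.
    The header set is an assumption, not the Perl module's actual logic."""
    msg = message_from_string(raw_message)
    if "List-Id" in msg or "List-Unsubscribe" in msg:
        return True
    return msg.get("Precedence", "").strip().lower() in ("list", "bulk")

# Constructed message from an unknown host that simply claims to be a list.
SAMPLE = ("From: someone@example.net\n"
          "To: user@example.com\n"
          "List-Id: <announce.example.net>\n"
          "Subject: hello\n"
          "\n"
          "body\n")

if __name__ == "__main__":
    ip, rcpt = "203.0.113.50", "user@example.com"
    print("header check says list:", looks_like_list(SAMPLE))    # sender-controlled
    print("manual whitelist match:", is_whitelisted(ip, rcpt))   # receiver-controlled
```

A rule that permanently whitelists on the first result would trust this host on its own say-so; the second check is unaffected by anything in the message.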
