[Greylist-users] greylisting and VERP
eharris at puremagic.com
Tue Oct 7 17:30:17 PDT 2003
I did consider doing as you suggest when writing my implementation, but I
decided not to include it since I was very focused on limiting the ways that
spammers could work around greylisting.
If the condensing rules were appropriately crafted, I doubt the exposure
would be very large, and it would probably be a useful addition. I just
didn't have enough data on the potential formatting of the addresses.
On Sun, 5 Oct 2003, Ken Raeburn wrote:
> Hi. I've only just installed relaydelay on my mail server, though
> I've been following the list (via the archive) for a little while.
> Aside from annoying little things like supposedly legitimate mailers
> that never retry, and the delays on VERP with per-message envelope
> senders, it seems like a great scheme. (At least until the spammers
> all start resending after several hours' delay.)
> I'm on more than one list that uses a per-message envelope sender for
> tracking bounces. And I can't quite agree with the comments in the
> greylisting web page that suggest it's a broken idea. The
> recommendation in the greylist docs seems to be just to live with the
> delay for every message.
> For all the cases I've seen, there's a numeric field present, in one
> of a small number of fairly simple forms:
> liststuff-###-###-###-encodingofmyaddress at host (yahoo groups),
> liststuff-###-addr at host, and occasionally liststuff+M###@host.
> Is there some reason not to stick regular expressions for these forms
> someplace and boil them down to a common form? A "from whom do I have
> mail" script I wrote some time back does this substitution on names
> before doing a unique sort, and it works fairly well:
> | sed -e 's/-[0-9][0-9\-]*-raeburn/-#-raeburn/g' \
> -e 's/-[0-9][0-9\-]*-kr/-#-kr/g' \
> -e 's/+M[0-9][0-9]*@/+M#@/g' \
> -e 's/+M[0-9][0-9]*=/+M#=/g' \
> Now, maybe in the Yahoo Groups case, it would make sense to keep the
> group number, except of course that Yahoo Groups is lame enough that
> it needs to be whitelisted. Still, perhaps replacing a block of
> digits surrounded by dashes, or preceded by "+M" and followed by "@"
> or "=", would let the list messages come through without delay, and
> without opening up the recipient to too much spam?
> I guess a spammer could try forging "spammer-1-foo at aol" on one pass
> and "spammer-2-foo at aol" on another pass, to avoid having the same
> identity (which could have gotten marked as a spammer) show up too
> often, and that would get him past the greylist filter with this
> change. Is that likely to be a big problem? Maybe it could be a
> per-host or per-envelope-sender-domain substitution, installed (in
> relaydelay.pl, relaydelay.conf, or the database) manually (simple but
> tedious), or automatically by a maintenance script detecting a pattern
> in successfully delivered messages (automatic but hard)?
> The general idea seems kind of obvious to me, which makes me figure
> it's probably been considered before. Am I missing something? Would
> this not work, or open up the user to too much spam?
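A sketch of the per-envelope-sender-domain condensing discussed in this thread, added here as an example; it is not part of either poster's message and is not relaydelay code. The domains, the `RULES` table, the `Greylist` class and the 3600-second delay are constructed assumptions.

```python
import re

# Hypothetical per-domain condensing rules. Domains are constructed; the
# patterns follow the address forms listed in the quoted message.
RULES = {
    "lists.example.org": [(re.compile(r"-\d[\d-]*-"), "-#-")],
    "news.example.net": [(re.compile(r"\+M\d+(?==|$)"), "+M#")],
}

def condense(sender):
    """Collapse the per-message numeric field, only for domains with a rule."""
    local, sep, domain = sender.rpartition("@")
    if not sep:                      # null or malformed sender: leave as-is
        return sender
    domain = domain.lower()
    for pattern, repl in RULES.get(domain, []):
        local = pattern.sub(repl, local)
    return local + "@" + domain

class Greylist:
    """Minimal in-memory triplet store; delay value is an assumption."""
    def __init__(self, delay=3600):
        self.delay = delay
        self.first_seen = {}         # (relay IP, sender, recipient) -> first attempt

    def check(self, relay_ip, sender, rcpt, now):
        """Return True to accept, False to answer with a temporary failure."""
        key = (relay_ip, condense(sender), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return now - first >= self.delay

def demo():
    gl = Greylist()
    ip, rcpt = "192.0.2.10", "raeburn@example.com"   # constructed values
    attempts = [
        ("announce-101-raeburn@lists.example.org", 0),     # first contact
        ("announce-101-raeburn@lists.example.org", 4000),  # retry after delay
        ("announce-102-raeburn@lists.example.org", 5000),  # next list message
        ("spammer-1-foo@unlisted.example", 5000),          # no rule for domain
        ("spammer-2-foo@unlisted.example", 9000),          # still a new triplet
    ]
    return [gl.check(ip, sender, rcpt, now) for sender, now in attempts]

if __name__ == "__main__":
    print(demo())
```

Because rules are keyed by sender domain, a varying numeric field in an address from a domain without a rule still produces a fresh triplet and is delayed as usual.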