[Greylist-users] greylisting and VERP

Evan Harris eharris at puremagic.com
Tue Oct 7 17:30:17 PDT 2003


I did consider doing as you suggest when writing my implementation, but I
decided not to include it since I was very focused on limiting the ways that
spammers could work around greylisting.

If the condensing rules were appropriately crafted, I doubt the exposure
would be very large, and it would probably be a useful addition.  I just
didn't have enough data on the potential formatting of the addresses.

Evan


On Sun, 5 Oct 2003, Ken Raeburn wrote:

> Hi.  I've only just installed relaydelay on my mail server, though
> I've been following the list (via the archive) for a little while.
> Aside from annoying little things like supposedly legitimate mailers
> that never retry, and the delays on VERP with per-message envelope
> senders, it seems like a great scheme.  (At least until the spammers
> all start resending after several hours' delay.)
>
> I'm on more than one list that uses a per-message envelope sender for
> tracking bounces.  And I can't quite agree with the comments in the
> greylisting web page that suggest it's a broken idea.  The
> recommendation in the greylist docs seems to be just to live with the
> delay for every message.
>
> For all the cases I've seen, there's a numeric field present, in one
> of a small number of fairly simple forms:
> liststuff-###-###-###-encodingofmyaddress at host (yahoo groups),
> liststuff-###-addr at host, and occasionally liststuff+M###@host.
>
> Is there some reason not to stick regular expressions for these forms
> someplace and boil them down to a common form?  A "from whom do I have
> mail" script I wrote some time back does this substitution on names
> before doing a unique sort, and it works fairly well:
>
>   | sed -e 's/-[0-9][0-9\-]*-raeburn/-#-raeburn/g' \
>         -e 's/-[0-9][0-9\-]*-kr/-#-kr/g' \
>         -e 's/+M[0-9][0-9]*@/+M#@/g' \
>         -e 's/+M[0-9][0-9]*=/+M#=/g' \
>
> Now, maybe in the Yahoo Groups case, it would make sense to keep the
> group number, except of course that Yahoo Groups is lame enough that
> it needs to be whitelisted.  Still, perhaps replacing a block of
> digits surrounded by dashes, or preceded by "+M" and followed by "@"
> or "=", would let the list messages come through without delay, and
> without opening up the recipient to too much spam?
>
> I guess a spammer could try forging "spammer-1-foo at aol" on one pass
> and "spammer-2-foo at aol" on another pass, to avoid having the same
> identity (which could have gotten marked as a spammer) show up too
> often, and that would get him past the greylist filter with this
> change.  Is that likely to be a big problem?  Maybe it could be a
> per-host or per-envelope-sender-domain substitution, installed (in
> relaydelay.pl, relaydelay.conf, or the database) manually (simple but
> tedious), or automatically by a maintenance script detecting a pattern
> in successfully delivered messages (automatic but hard)?
>
> The general idea seems kind of obvious to me, which makes me figure
> it's probably been considered before.  Am I missing something?  Would
> this not work, or open up the user to too much spam?
>
> Ken
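A sketch of the per-envelope-sender-domain condensing discussed in this thread, added here as an example (it is not code from relaydelay or from either poster). The rule table, domains, addresses and function names are constructed for illustration, and the greylist delay timers are left out.

```python
import re

# Per-domain condensing rules (constructed for illustration). A rule is applied
# only to envelope senders in a domain the administrator has listed, so a
# forged "spammer-1-foo" / "spammer-2-foo" pair elsewhere is not collapsed.
RULES = {
    "lists.example.org": [
        # liststuff-###-###-addr -> liststuff-#-addr
        (re.compile(r"-\d[\d-]*-"), "-#-"),
    ],
    "announce.example.net": [
        # liststuff+M### (before "@" or "=") -> liststuff+M#
        (re.compile(r"\+M\d+(?==|$)"), "+M#"),
    ],
}

def condense_sender(sender):
    """Return the envelope sender with per-message counters masked."""
    local, at, domain = sender.rpartition("@")
    if not at:  # null sender or malformed address: leave untouched
        return sender
    domain = domain.lower()
    for pattern, repl in RULES.get(domain, ()):
        local = pattern.sub(repl, local)
    return f"{local}@{domain}"

def greylist_key(client_ip, sender, rcpt):
    """Greylisting triplet, with the sender condensed before lookup."""
    return (client_ip, condense_sender(sender), rcpt.lower())

def simulate(attempts):
    """'delay' for a first-seen key, 'pass' once it is known (timers omitted)."""
    seen, verdicts = set(), []
    for ip, sender, rcpt in attempts:
        key = greylist_key(ip, sender, rcpt)
        verdicts.append("pass" if key in seen else "delay")
        seen.add(key)
    return verdicts

# Constructed delivery attempts: (client IP, envelope sender, recipient).
SAMPLE = [
    ("192.0.2.10", "biglist-1001-ken=example.com@lists.example.org", "ken@example.com"),
    ("192.0.2.10", "biglist-1001-ken=example.com@lists.example.org", "ken@example.com"),
    ("192.0.2.10", "biglist-1002-ken=example.com@lists.example.org", "ken@example.com"),
    ("198.51.100.7", "spammer-1-foo@unlisted.example", "ken@example.com"),
    ("198.51.100.7", "spammer-2-foo@unlisted.example", "ken@example.com"),
]

if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE, simulate(SAMPLE)):
        print(verdict, attempt[1])
```

The second list message passes without a new delay because its condensed sender matches the first, while the two senders from the unlisted domain each still get their own delay.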
