[Greylist-users] default timeout values - what do people suggest

Bob Beck beck at bofh.cns.ualberta.ca
Tue Feb 24 10:12:21 PST 2004

>Have you thought about using random ranges rather than fixed 
>values? So say pass time is given as a range, say "30 to 120 minutes",
>and the program choses some random value in this range, so it 
>makes it harder for an opponent to optimise for a fixed value.
>A bit like using random number in packet IDs or start sequence 

	Hmm. that's really easy for me to do, but the question is do
you think it will actually be effective? Don't forget that if they
actually queue and retry at all, they can simply use the same
parameters as a traditional MTA, and we will have to take the mail
anyway - At that point I'm at "let my other tools handle it" (as a
cross myself saying "bmf - relaydb - procmail" at each point :)

      I.E. I could randomly vary the retry, but once you've implemented
a queue retry in your spam spewer, all you have to do is retry for 4 hours
anyway, and my random delay will no longer matter.


More information about the Greylist-users mailing list