[Greylist-users] Greylist improvement: the canary
Bob Beck
beck at bofh.cns.ualberta.ca
Fri Feb 27 10:55:51 PST 2004
>So, as long as no legitimate user somehow sends email is sent to a canary
>address or as long as no legitimate smtp server is used to send email to a
>canary address, it seems like no email will be blocked that should get
>through. And I don't think there is a good way for spammers to come up with
>countermeasures.
>
>Any body have thoughts or suggestions?
I already do this, it's the common use of a "spamtrap" address.
I use it by using relaydb (see http://www.benzedrine.cx/relaydb.html)
and nominating everything sent to these addreses as spam with relaydb.
You would have a problem with crap mailed via a legitimate
server, but that's what tools like relaydb are for - it scans the
headers for the host *past* the last known good host - so if you have
f'rinstance a big mail server that normally sends you lots of legit
mail, which is then on the relaydb whitelist, some way a piece of spam
gets sent to a spamtrap (or "canary") through it, it is not
blacklisted, the host that sent it *to* the legitimate mailserver is
blacklisted.
I run my relaydb blacklist ahead of my greylisting, in other
words, if mail gets relaydb blacklisted, that server is tarpitted.
if you're not on a blacklist, you're a candidate and can talk to the
greylisting daemon.
-Bob
More information about the Greylist-users
mailing list