[Greylist-users] relay identification

James J Dempsey jjd at jjd.com
Tue Jan 6 07:13:52 PST 2004

Allan E Johannesen <aej at wpi.edu> writes:
> . In a sweep cleaning up stale triples, I collected the IPs of all sites with 2
>   or more successful relays and stored those.  Things like Yahoo relays will
>   probably appear in such lists.

What criteria did you use to determine what a "site" was?  I don't think you
can just assume that IP addresses on the same Class B network are at the
same site.  Or did your "sweep" do a reverse DNS lookup to see what domain
they were in?

> . The filter will accept messages, even the first one, from such "known good"
>   relays.
> Does this sound like a violation of the concept?

I also don't think you can assume that spammers won't use multiple MTAs from
the same site.

Maybe what you are really looking for is a mechanism that allows subsequent
mail from domains where the IP address of one of the members of that domain
has already been accepted.  That would seem better to me.

However, I'm not sure I would turn on such an option if implemented.  Why
take the risk of allowing spam when the only downside is slightly delayed

                       --Jim Dempsey--
                         jjd at jjd.com
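
The "known good" relay promotion discussed in this message, sketched as an added example (not code from the thread or from any greylisting implementation), showing how the choice of "site" key decides who skips the delay. The class and function names, the delay and TTL values, the reading of "successful relay" as a triple that passed a retry, and the sample addresses are all assumptions made for the illustration.

```python
GREYLIST_DELAY = 300        # assumed retry delay in seconds
TRIPLE_TTL = 30 * 86400     # assumed lifetime of an idle triple
PROMOTE_AT = 2              # "2 or more successful relays", from the post

def exact_ip(ip):
    return ip                             # a "site" is one relay address

def class_b(ip):
    return ".".join(ip.split(".")[:2])    # a "site" is the whole IPv4 /16

class Greylist:
    def __init__(self, site_key=exact_ip):
        self.site_key = site_key
        self.triples = {}        # (ip, sender, rcpt) -> [first_seen, last_seen, passed]
        self.known_good = set()  # site keys promoted by sweep()

    def check(self, ip, sender, rcpt, now):
        """Decide one delivery attempt: 'accept' or 'tempfail'."""
        if self.site_key(ip) in self.known_good:
            return "accept"                       # even the first message
        rec = self.triples.setdefault((ip, sender, rcpt), [now, now, False])
        rec[1] = now
        if now - rec[0] < GREYLIST_DELAY:
            return "tempfail"
        rec[2] = True                             # triple survived a retry
        return "accept"

    def sweep(self, now):
        """Expire stale triples; promote sites with enough passed triples."""
        counts = {}
        for key, (first, last, passed) in list(self.triples.items()):
            if passed:
                site = self.site_key(key[0])
                counts[site] = counts.get(site, 0) + 1
            if now - last > TRIPLE_TTL:
                del self.triples[key]
        self.known_good |= {s for s, n in counts.items() if n >= PROMOTE_AT}
        return self.known_good

def demo(site_key):
    g = Greylist(site_key)
    # Constructed traffic: one relay (documentation range) passes two triples.
    for rcpt in ("a@example.org", "b@example.org"):
        g.check("198.51.100.7", "list@example.com", rcpt, now=0)
        g.check("198.51.100.7", "list@example.com", rcpt, now=600)
    g.sweep(now=700)
    same_relay = g.check("198.51.100.7", "new@example.com", "c@example.org", 800)
    neighbour = g.check("198.51.200.9", "x@example.net", "c@example.org", 800)
    return same_relay, neighbour
```

With `exact_ip` the unrelated host in the same /16 is still greylisted on first contact; with `class_b` it is accepted immediately, which is the exposure the question about "site" points at.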

