[Greylist-users] relay identification
Allan E Johannesen
aej at WPI.EDU
Tue Jan 6 08:59:04 PST 2004
>>>>> "jjd" == James J Dempsey <jjd at jjd.com> writes:
jjd> Allan E Johannesen <aej at wpi.edu> writes:
>> . In a sweep cleaning up stale triples, I collected the IPs of all sites
>> with 2 or more successful relays and stored those. Things like Yahoo relays
>> will probably appear in such lists.
jjd> What criteria did you use to determine what a "site" was? I don't think
jjd> you can just assume that IP addresses on the same Class B network are at
jjd> the same site. Or did your "sweep" do a reverse DNS lookup to see what
jjd> domain they were in?
Sorry, I didn't mean to imply a subnet or name. I use numeric IP address only.
>> . The filter will accept messages, even the first one, from such "known
>> good" relays.
>> Does this sound like a violation of the concept?
jjd> I also don't think you can assume that spammers won't use multiple MTAs
jjd> from the same site.
No. I'm not trying to find out who owns what IPs.
jjd> Maybe what you are really looking for is a mechanism that allows
jjd> subsequent mail from domains where the IP address of one of the members of
jjd> that domain has already been accepted. That would seem better to me.
That's what I meant to express. Where it is found that the triplet:
IP-address sender recipient
has had successful prior negotiations through the greylist process (in my case,
I used "2" successes of different triplets from that IP), then I assume that
future email from that IP-address is going to be "OK". Well, up to a life
Prior greylist negotiations appear to mean that that IP runs an SMTP mechanism
which will retry until success occurs. Yes, it might still be spam, but I
don't think greylist will do anything to it but delay it for an hour. It's
still going to hit unless the place gets blacklisted.
jjd> However, I'm not sure I would turn on such an option if implemented. Why
jjd> take the risk of allowing spam when the only downside is slightly delayed
Well, to try to avoid hysteria about delayed email. We appear to have some
cases of that.
Thanks for your thoughts. I agree it makes me wonder if I'm exposing us to
more spam, but I'm not sure I see how. That's why I thought I'd ask.
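
The scheme described in this message, as an added sketch that is not code from the post or from any greylisting package: triplets are delayed as usual, and a periodic sweep promotes any IP with 2 or more distinct triplets that passed, so that later mail from it is accepted on first sight. The class, method names, triplet TTL and trusted-IP lifetime are assumptions; the threshold of 2 and the one-hour delay are taken from the text.

```python
RETRY_DELAY = 3600        # the post mentions a delay of about an hour
PROMOTE_AFTER = 2         # the post's "2" successes of different triplets
TRIPLET_TTL = 36 * 86400  # assumed: age at which a triplet counts as stale
IP_LIFETIME = 30 * 86400  # assumed: how long a promoted IP stays trusted


class Greylist:
    def __init__(self):
        self.first_seen = {}  # (ip, sender, rcpt) -> time of first attempt
        self.passed = {}      # ip -> set of triplets that survived the delay
        self.trusted = {}     # ip -> time at which trust expires

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'defer' for one RCPT TO at time `now` (seconds)."""
        if self.trusted.get(ip, 0) > now:
            return "accept"   # known-good relay: even a first message passes
        triplet = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < RETRY_DELAY:
            return "defer"    # temporary failure; a retrying MTA comes back
        self.passed.setdefault(ip, set()).add(triplet)
        return "accept"

    def sweep(self, now):
        """Promote IPs with enough distinct successes, then drop stale state."""
        for ip, triplets in list(self.passed.items()):
            if len(triplets) >= PROMOTE_AFTER:
                self.trusted[ip] = now + IP_LIFETIME
                del self.passed[ip]  # trust must be earned again after expiry
        stale = [t for t, first in self.first_seen.items()
                 if now - first > TRIPLET_TTL]
        for t in stale:
            del self.first_seen[t]
            self.passed.get(t[0], set()).discard(t)
        self.trusted = {ip: e for ip, e in self.trusted.items() if e > now}
        return sorted(self.trusted)


def demo():
    """Constructed traffic: one relay retries two triplets, then sends a new one."""
    g, t0, relay = Greylist(), 1_000_000, "192.0.2.10"
    for n in (1, 2):
        g.check(relay, f"s{n}@example.org", f"u{n}@example.edu", t0)
        g.check(relay, f"s{n}@example.org", f"u{n}@example.edu", t0 + RETRY_DELAY)
    g.sweep(t0 + RETRY_DELAY + 60)
    return g.check(relay, "new@example.org", "u3@example.edu", t0 + 2 * RETRY_DELAY)
```

Promotion is keyed on the numeric IP address only, as in the message, so a host that retries spam for two different triplets earns the same bypass as any other retrying relay.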