[Greylist-users] relay identification

Evan Harris eharris at puremagic.com
Tue Jan 6 10:52:51 PST 2004

> I had the thought that any IP which has had a successful relay is probably
> always going to have a successful relay.  I made a change:
> . In a sweep cleaning up stale triples, I collected the IPs of all sites with 2
>   or more successful relays and stored those.  Things like Yahoo relays will
>   probably appear in such lists.
> . The filter will accept messages, even the first one, from such "known good"
>   relays.
> Does this sound like a violation of the concept?

The only issue I see with this is that it will make it easier for a spammer
to work around the greylisting.  All he has to do is send a couple of
messages that eventually get through, before getting his server whitelisted
so he can send all the spam he wants to any user at that server (not just
the users that he got whitelisted from).

Another one of the big attacks spammers are doing is trying to validate
users' email addresses, and once his server is whitelisted, he can also then
issue as many validation attempts as he wants, and will get valid answers.

I prefer to only whitelist servers I _know_ are good.  Doing it
automatically seems risky.

If your primary concern is places like Yahoo with groups of servers, you
should also make sure you have $do_relay_lookup_by_subnet enabled.
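
A small model of the two policies discussed in this message, added here as an illustration; it is not part of the original post and not the greylisting project's code. The `Greylist` class, the 300-second delay, the /24 subnet key and the sample addresses are all assumptions made for the example.

```python
# Constructed simulation: compares per-triple greylisting with the proposed
# "auto-whitelist any IP with 2+ passed triples" sweep, and exact-IP matching
# with subnet matching. All names and values here are assumed.
DELAY = 300          # seconds before a retried triple is accepted (assumed)
AUTO_THRESHOLD = 2   # passed triples before an IP becomes "known good"

class Greylist:
    def __init__(self, auto_whitelist_ips=False, by_subnet=False):
        self.auto = auto_whitelist_ips
        self.by_subnet = by_subnet
        self.first_seen = {}     # triple -> time of first attempt
        self.passed = {}         # relay key -> set of triples that passed
        self.known_good = set()  # relays promoted by sweep()

    def _relay_key(self, ip):
        # Subnet matching treats a pool of servers in one /24 as one relay.
        return ip.rsplit(".", 1)[0] if self.by_subnet else ip

    def check(self, ip, sender, rcpt, now):
        relay = self._relay_key(ip)
        if self.auto and relay in self.known_good:
            return "accept"      # triple is never consulted for this relay
        triple = (relay, sender, rcpt)
        first = self.first_seen.setdefault(triple, now)
        if now - first < DELAY:
            return "defer"
        self.passed.setdefault(relay, set()).add(triple)
        return "accept"

    def sweep(self):
        # The proposed change: promote relays with enough passed triples.
        for relay, triples in self.passed.items():
            if len(triples) >= AUTO_THRESHOLD:
                self.known_good.add(relay)

def first_contact_after_warmup(gl, ip="192.0.2.10"):
    # Two triples are retried after the delay, then the sweep runs.
    for rcpt in ("a@example.org", "b@example.org"):
        gl.check(ip, "s@example.net", rcpt, now=0)
        gl.check(ip, "s@example.net", rcpt, now=DELAY)
    gl.sweep()
    # First-ever attempt to a recipient this relay has never mailed.
    return gl.check(ip, "s@example.net", "never-seen@example.org", now=DELAY + 1)

def pool_retry(gl):
    # A server pool retries the same message from a neighbouring address.
    gl.check("192.0.2.10", "s@example.net", "a@example.org", now=0)
    return gl.check("192.0.2.11", "s@example.net", "a@example.org", now=DELAY)
```

With the sweep enabled, the first message to a never-seen recipient is accepted outright, which is the loss of per-recipient protection described above. Subnet matching lets a legitimate pool's retry pass without whitelisting the relay for every recipient.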


