[Greylist-users] Greylisting, Whitelisting, and SPF

Yiorgos Adamopoulos adamo at central.tee.gr
Thu Jun 23 23:50:03 PDT 2005



IMarvinTPA wrote:
> in.  I saw a bunch for AOL and Yahoo, who both support SPF.  Would it make
> sense to have another "domain" whitelist that looks up the SPF records for
> those domains and whitelists them in?  This way the Greylist whitelist
> doesn't become stale when the ISPs move servers around.

I use graymilter from http://www.acme.com and the whitelist from 
puremagic.com.  Initially I had a similar need like yours and hacked 7 
lines[*] into graymilter to allow it to whitelist domains via 
tcp_wrappers .A line like

graymilter: .ebay.com, .amazon.com : ALLOW

in /etc/hosts.allow.  But this can easily get out of hand if you are not 
very careful and because some times the DNS schema of certain ISPs does 
not help you make such decisions easily.

On the other hand what you are proposing can be implemented on a 
greylisting software independently of the/any whitelist.  And just to be 
sure that even if the whitelist becomes stale, you are still 
operational, have your software decide first based upon DNS/SPF records 
and if that fails, then via the whitelist.

My EUR0.02

- Yiorgos -

[*] http://www.dbnet.ece.ntua.gr/~adamo/hacks/graymilter.html


More information about the Greylist-users mailing list