[Greylist-users] greylisting and VERP
Ken Raeburn
raeburn at raeburn.org
Sun Oct 5 23:13:38 PDT 2003
Hi. I've only just installed relaydelay on my mail server, though
I've been following the list (via the archive) for a little while.
Aside from annoying little things like supposedly legitimate mailers
that never retry, and the delays on VERP with per-message envelope
senders, it seems like a great scheme. (At least until the spammers
all start resending after several hours' delay.)
I'm on more than one list that uses a per-message envelope sender for
tracking bounces. And I can't quite agree with the comments in the
greylisting web page that suggest it's a broken idea. The
recommendation in the greylist docs seems to be just to live with the
delay for every message.
For all the cases I've seen, there's a numeric field present, in one
of a small number of fairly simple forms:
liststuff-###-###-###-encodingofmyaddress at host (yahoo groups),
liststuff-###-addr at host, and occasionally liststuff+M###@host.
Is there some reason not to stick regular expressions for these forms
someplace and boil them down to a common form? A "from whom do I have
mail" script I wrote some time back does this substitution on names
before doing a unique sort, and it works fairly well:
sed -e 's/-[0-9][0-9-]*-raeburn/-#-raeburn/g' \
    -e 's/-[0-9][0-9-]*-kr/-#-kr/g' \
    -e 's/+M[0-9][0-9]*@/+M#@/g' \
    -e 's/+M[0-9][0-9]*=/+M#=/g' \
  | sort -u
Now, maybe in the Yahoo Groups case, it would make sense to keep the
group number, except of course that Yahoo Groups is lame enough that
it needs to be whitelisted. Still, perhaps replacing a block of
digits surrounded by dashes, or preceded by "+M" and followed by "@"
or "=", would let the list messages come through without delay, and
without opening up the recipient to too much spam?
I guess a spammer could try forging "spammer-1-foo at aol" on one pass
and "spammer-2-foo at aol" on another pass, to avoid having the same
identity (which could have gotten marked as a spammer) show up too
often, and that would get him past the greylist filter with this
change. Is that likely to be a big problem? Maybe it could be a
per-host or per-envelope-sender-domain substitution, installed (in
relaydelay.pl, relaydelay.conf, or the database) manually (simple but
tedious), or automatically by a maintenance script detecting a pattern
in successfully delivered messages (automatic but hard)?
The general idea seems kind of obvious to me, which makes me figure
it's probably been considered before. Am I missing something? Would
this not work, or open up the user to too much spam?
Ken