[Greylist-users] greylisting and VERP
Erik Clark
eclark4 at gl.umbc.edu
Mon Oct 6 07:56:58 PDT 2003
hm, yes. this has been an issue of much concern for me. i'm looking at an
average of 300k emails a day to be processed by the greylist on several
hundred servers (so yes, millions of emails a day to be processed), and
the loss of a significant number of emails from unique envelopes on
mailing lists would occur even in a 1 per 10k instance. i personally am
very interested in some suggestions in handling new-envelope mailing lists
with greater reliability. unfortunately, i see this as probably requiring
a lot of fuzzy logic to be built into the regex, and i'm not so great with
regular expressions.
erik
On Sun, 5 Oct 2003, Ken Raeburn wrote:
> Hi. I've only just installed relaydelay on my mail server, though
> I've been following the list (via the archive) for a little while.
> Aside from annoying little things like supposedly legitimate mailers
> that never retry, and the delays on VERP with per-message envelope
> senders, it seems like a great scheme. (At least until the spammers
> all start resending after several hours' delay.)
>
> I'm on more than one list that uses a per-message envelope sender for
> tracking bounces. And I can't quite agree with the comments in the
> greylisting web page that suggest it's a broken idea. The
> recommendation in the greylist docs seems to be just to live with the
> delay for every message.
>
> For all the cases I've seen, there's a numeric field present, in one
> of a small number of fairly simple forms:
> liststuff-###-###-###-encodingofmyaddress@host (yahoo groups),
> liststuff-###-addr@host, and occasionally liststuff+M###@host.
>
> Is there some reason not to stick regular expressions for these forms
> someplace and boil them down to a common form? A "from whom do I have
> mail" script I wrote some time back does this substitution on names
> before doing a unique sort, and it works fairly well:
>
>     | sed -e 's/-[0-9][0-9\-]*-raeburn/-#-raeburn/g' \
>           -e 's/-[0-9][0-9\-]*-kr/-#-kr/g' \
>           -e 's/+M[0-9][0-9]*@/+M#@/g' \
>           -e 's/+M[0-9][0-9]*=/+M#=/g' \
>
> Now, maybe in the Yahoo Groups case, it would make sense to keep the
> group number, except of course that Yahoo Groups is lame enough that
> it needs to be whitelisted. Still, perhaps replacing a block of
> digits surrounded by dashes, or preceded by "+M" and followed by "@"
> or "=", would let the list messages come through without delay, and
> without opening up the recipient to too much spam?
>
> I guess a spammer could try forging "spammer-1-foo@aol" on one pass
> and "spammer-2-foo@aol" on another pass, to avoid having the same
> identity (which could have gotten marked as a spammer) show up too
> often, and that would get him past the greylist filter with this
> change. Is that likely to be a big problem? Maybe it could be a
> per-host or per-envelope-sender-domain substitution, installed (in
> relaydelay.pl, relaydelay.conf, or the database) manually (simple but
> tedious), or automatically by a maintenance script detecting a pattern
> in successfully delivered messages (automatic but hard)?
>
> The general idea seems kind of obvious to me, which makes me figure
> it's probably been considered before. Am I missing something? Would
> this not work, or open up the user to too much spam?
>
> Ken
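The per-sender-domain substitution proposed in the quoted message, as an added Python sketch (not code from the thread or from relaydelay): numeric VERP fields are collapsed to `#` before the greylist key is built, and only for domains that have a rule. The domains, the `DELAY` value, and the names `VERP_RULES`, `normalize_sender`, `Greylist` and `replay` are assumptions made for illustration.

```python
import re

# Rewrite rules keyed by envelope-sender domain, so only known list hosts are
# normalised. Domains are constructed; patterns follow the forms Ken lists.
VERP_RULES = {
    "lists.example.org": [(re.compile(r"-[0-9][0-9-]*-"), "-#-")],
    "announce.example.net": [(re.compile(r"\+M[0-9]+(?==|$)"), "+M#")],
}
DELAY = 3600  # seconds before a retry is accepted (constructed value)


def normalize_sender(sender):
    """Collapse per-message numeric fields in the local part to '#'."""
    local, sep, domain = sender.rpartition("@")
    if not sep:  # null sender "<>" or malformed address: leave untouched
        return sender
    domain = domain.lower()
    for pattern, repl in VERP_RULES.get(domain, ()):
        local = pattern.sub(repl, local)
    return local + "@" + domain


class Greylist:
    """In-memory greylist keyed on (relay IP, sender, recipient)."""

    def __init__(self, normalize=True):
        self.normalize = normalize
        self.first_seen = {}

    def check(self, relay_ip, sender, recipient, now):
        if self.normalize:
            sender = normalize_sender(sender)
        key = (relay_ip, sender, recipient.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= DELAY else "tempfail"


def replay(greylist):
    """Two list messages, each tried once and retried later (constructed)."""
    ip, rcpt = "192.0.2.10", "ken@example.com"
    results = []
    for n, t in ((1001, 0), (1001, 3600), (1002, 4000), (1002, 7600)):
        sender = "list-%d-ken=example.com@lists.example.org" % n
        results.append(greylist.check(ip, sender, rcpt, t))
    return results
```

With normalisation only the first list message is delayed; without it every new message number starts a fresh delay. Senders at domains with no rule keep distinct keys, so varying a number in a forged address from an unlisted domain gains nothing.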