[Greylist-users] Greylist improvement: the canary

Bob Beck beck at bofh.cns.ualberta.ca
Fri Feb 27 10:55:51 PST 2004


>So, as long as no legitimate user somehow sends email to a canary 
>address or as long as no legitimate smtp server is used to send email to a 
>canary address, it seems like no email will be blocked that should get 
>through. And I don't think there is a good way for spammers to come up with 
>countermeasures.
>
>Anybody have thoughts or suggestions?

	I already do this, it's the common use of a "spamtrap" address. 
I use it by using relaydb (see http://www.benzedrine.cx/relaydb.html) 
and nominating everything sent to these addresses as spam with relaydb.

	You would have a problem with crap mailed via a legitimate
server, but that's what tools like relaydb are for - it scans the
headers for the host *past* the last known good host - so if you have
f'rinstance a big mail server that normally sends you lots of legit
mail, which is then on the relaydb whitelist, some way a piece of spam
gets sent to a spamtrap (or "canary") through it, it is not
blacklisted, the host that sent it *to* the legitimate mailserver is
blacklisted.

        I run my relaydb blacklist ahead of my greylisting, in other
words, if mail gets relaydb blacklisted, that server is tarpitted.
If you're not on a blacklist, you're a candidate and can talk to the
greylisting daemon. 

	    -Bob
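
The header walk described in the message above, as an added Python sketch (not part of the original post and not relaydb's own code): it follows the Received chain from the top and blames the first sending host past the last whitelisted one, then consults the blacklist ahead of greylisting. The sample message, the addresses, the whitelist and all function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: spam that reached a spamtrap through a whitelisted relay.
SAMPLE = (
    "Received: from mail.bigisp.example (mail.bigisp.example [192.0.2.10])\n"
    "\tby mx.local.example with ESMTP; Fri, 27 Feb 2004 10:00:02 -0800\n"
    "Received: from dialup.example (unknown [203.0.113.77])\n"
    "\tby mail.bigisp.example with SMTP; Fri, 27 Feb 2004 10:00:01 -0800\n"
    "From: a@spam.example\nTo: canary@local.example\nSubject: constructed\n\nbody\n"
)
WHITELIST = {"192.0.2.10"}  # relays that normally send legitimate mail (assumed)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def host_to_blame(raw, whitelist):
    """Return the first sending host past the last known good host, or None."""
    # The top header was written by our own MX; each later one was written by
    # the host named in the header above it, so it is trusted only while that
    # host is on the whitelist.
    for hdr in message_from_string(raw).get_all("Received", []):
        # Only the "from" clause names the sender; "by" names the writer.
        m = IP_RE.search(re.split(r"\s+by\s+", hdr, maxsplit=1)[0])
        if m is None:
            return None        # chain cannot be followed; blame nobody
        if m.group(1) not in whitelist:
            return m.group(1)  # anything below was written by an untrusted host
    return None

def record_spamtrap_hit(raw, whitelist, blacklist):
    """Blacklist the blamed host; whitelisted relays are never added."""
    ip = host_to_blame(raw, whitelist)
    if ip is not None:
        blacklist.add(ip)
    return ip

def smtp_policy(peer_ip, blacklist):
    """Blacklist is consulted ahead of greylisting, as in the post."""
    return "tarpit" if peer_ip in blacklist else "greylist"

if __name__ == "__main__":
    bl = set()
    print(record_spamtrap_hit(SAMPLE, WHITELIST, bl), smtp_policy("203.0.113.77", bl))
```
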

