[Greylist-users] relay identification
Allan E Johannesen
aej at WPI.EDU
Tue Jan 6 08:59:04 PST 2004
>>>>> "jjd" == James J Dempsey <jjd at jjd.com> writes:

jjd> Allan E Johannesen <aej at wpi.edu> writes:
>> . In a sweep cleaning up stale triples, I collected the IPs of all sites
>> with 2 or more successful relays and stored those. Things like Yahoo relays
>> will probably appear in such lists.

jjd> What criteria did you use to determine what a "site" was? I don't think
jjd> you can just assume that IP addresses on the same Class B network are at
jjd> the same site. Or did your "sweep" do a reverse DNS lookup to see what
jjd> domain they were in?

Sorry, I didn't mean to imply a subnet or name. I use numeric IP address only.

>> . The filter will accept messages, even the first one, from such "known
>> good" relays.
>>
>> Does this sound like a violation of the concept?

jjd> I also don't think you can assume that spammers won't use multiple MTAs
jjd> from the same site.

No. I'm not trying to find out who owns what IPs.

jjd> Maybe what you are really looking for is a mechanism that allows
jjd> subsequent mail from domains where the IP address of one of the members of
jjd> that domain has already been accepted. That would seem better to me.

That's what I meant to express. Where it is found that the triplet:

    IP-address sender recipient

has had successful prior negotiations through the greylist process (in my case,
I used "2" successes of different triplets from that IP), then I assume that
future email from that IP-address is going to be "OK". Well, up to a
lifetime.

Prior greylist negotiations appear to mean that that IP runs an SMTP mechanism
which will retry until success occurs. Yes, it might still be spam, but I
don't think greylist will do anything to it but delay it for an hour. It's
still going to hit unless the place gets blacklisted.

jjd> However, I'm not sure I would turn on such an option if implemented. Why
jjd> take the risk of allowing spam when the only downside is slightly delayed
jjd> email?

Well, to try to avoid hysteria about delayed email. We appear to have some
cases of that.

Thanks for your thoughts. I agree it makes me wonder if I'm exposing us to
more spam, but I'm not sure I see how. That's why I thought I'd ask.
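
The per-IP shortcut discussed in this message, as an added example that is not part of the original post and not code from any greylisting package. The class and constant names are hypothetical, the 30-day lifetime is an assumed value, and promotion happens at accept time instead of in a periodic sweep.

```python
from collections import defaultdict

DELAY = 3600              # one-hour deferral for a new triplet, as in the post
THRESHOLD = 2             # from the post: 2 successes of different triplets
IP_LIFETIME = 30 * 86400  # assumed lifetime of a "known good" relay entry


class Greylist:
    def __init__(self):
        self.first_seen = {}            # triplet -> time of first attempt
        self.passed = defaultdict(set)  # ip -> triplets that completed a retry
        self.known_good = {}            # ip -> expiry time

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one RCPT at time `now` (seconds)."""
        # Known-good relay: accept even a never-seen triplet, until expiry.
        expiry = self.known_good.get(ip)
        if expiry is not None:
            if now < expiry:
                return "accept"
            # Lifetime over (assumed policy): the IP must earn its entry again.
            del self.known_good[ip]
            self.passed.pop(ip, None)

        triplet = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < DELAY:
            return "tempfail"           # first attempt or retry too early: 4xx

        # The relay retried after the delay: one successful negotiation.
        # A set is used so the same triplet passing twice counts only once.
        self.passed[ip].add(triplet)
        if len(self.passed[ip]) >= THRESHOLD:
            self.known_good[ip] = now + IP_LIFETIME
        return "accept"
```

The entry is keyed on the numeric IP address only, so a relay that has retried for two different triplets has its later first-time messages accepted without delay until the lifetime runs out.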