[Greylist-users] greylist lib in C? + several Q's
Ken Raeburn
raeburn at raeburn.org
Thu Sep 2 08:37:49 PDT 2004
"William Blunn" <bill--greylist at blunn.org> writes:
> Of course the problem you have now is inertia, conservatism and
> faith-leaping.
Also a lack of manpower to deploy and maintain it.
Greylisting seems to require at least some level of monitoring, in
case a new legitimate but misconfigured site shows up on the radar.
(Like the new /24 network for ... I think it was Yahoo? that started
getting used recently.) Some of the work, like what database queries
to make to look for certain patterns, can be automated, but a human
has to review it in the end and make the decision. Skimming the data
occasionally to look for other patterns not already detected probably
would be wise, too. ("Oh, I've been handling VERP addresses with dash
followed by a decimal number, but look, this site's using a plus, and
this other site's using a hexadecimal number.")
Then of course there's the question of local privacy policies. Are
you allowed to keep track of the fact that foo at example.com and
bar at example.edu have been communicating at least once a month for the
past two years? Or precisely when such email last came through? Even
if the information isn't intended to be made public, there's the
question of what should exist at all that certain administrators (or
intruders, or law enforcement officials) might get access to. Simply
rolling out implementation X may cause you to collect data in
violation of a strong school/company policy.
Some amount of user configuration would be wanted (e.g., so a prof can
be sure that his students can send in homework at the last minute,
even from non-whitelisted offsite accounts, by turning off
Greylisting, or at least being able to edit his own personal whitelist
of sender ids), that means web forms and command-line tools and access
control checks and such, presumably tied in to the custom system we
already use for managing mailing lists and user accounts. All of that
means development effort.
Like many US schools, we've had to cut back a bit recently, and the
network group was no exception. I have very little hope for any
interesting new spam reduction scheme getting deployed any time soon.
We've barely gotten spamassassin deployed -- and even that's in "mark
the headers" mode, they won't reject messages or generate bounces,
which means any false positives have to be handled by reviewing your
spam periodically. (Which is how some people probably prefer it, but
we don't get the choice.)
Ken
More information about the Greylist-users
mailing list