[Greylist-users] Possible Enhancements
Jason 'XenoPhage' Frisvold
friz at godshell.com
Tue Jan 25 12:59:20 PST 2005
Scott Nelson wrote:
>If you're going to go to the trouble of connecting to the MX,
>you might as well go the extra step and check if the return address
>is valid, and if it's not, then reject the email.
>
>
Possibly...
>This may or may not be a good idea from a block spam point of view,
>but is it really an enhancement to greylisting?
>Seems like a completely different and unrelated technique to me.
>
>
The biggest complaint about greylisting is the initial 1 hour delay when
the sender is new to the database. By doing a reverse DNS lookup on the
IP the connection is sourcing from, checking for an MX record, and
possibly doing a callback, you can prevent this 1 hour delay. Insert
the IP address into the database with an expiration time, and any
further connects from that IP will pass through without any interruption.
If the source really is a mail server, then delaying for an hour is
pointless. You have a pretty good idea that the server will be retrying
the messages.
It may be possible to bypass the callback altogether and merely look for
an MX record. The advantage is that you save some time by not calling
the originating server back. On the downside, spammers can,
conceivably, put mx records in dns. However, the majority of zombies
wouldn't be able to pass through that test because there's virtually no
way for them to create an mx record.
Should the mx/callback test fail, you greylist like you normally would.
This would also cut down the database size, esp. for large deployments.
>Scott Nelson <scott at spamwolf.com>
>
>
Keep in mind, Im just bouncing around ideas.. Feedback is always
welcome.. :)
--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
More information about the Greylist-users
mailing list