[Greylist-users] Enhancement idea

Graham Chiu compkarori at gmail.com
Wed Mar 9 06:02:08 PST 2005


I just came across this greylisting idea a couple of days ago, and
have already written my own implementation based on Evan's article.

I was getting about 2000+ attempted smtp connections per day, and with
a spamtrap address enabled, about 40 spam were coming thru a day from
trusted servers.

I just tried some extra checking for new triplets.  When they pass the
block, I then drop the connection after I get the mail header, and
reset the block period on that triplet ( currently only 10 seconds ).
I then do a spamcop lookup, on the originating ip address of the mail
as deduced from the received headers.  If it fails spamcop, the next
time the trusted server tries to send it again, I just 550 it.

That seems to have got rid of most of the spam, with only the added
traffic of having to see the headers.


Graham


More information about the Greylist-users mailing list