Milter-greylist

This is interesting, but is it really doable?

My understanding (limited as it is), is that greylisting works so  
well, is because it keeps the whitelist in memory. Once you introduce  
db's or external files, that memory footprint could explode.

Then what about when those files get updated? or someone introduces a  
concept of 'on the fly' whitelisting (outside of greylist)... ie  
poprelayd or non-standard smtp-auth.

It just feels like these changes could impede performance.

Bill

On Jan 11, 2006, at 12:55 PM, manu@... wrote:

> Lawren Quigley-Jones <lawrenqj@...> wrote:
>
>> I haven't given it a whole lot of thought, but the problem with  
>> the rcpt
>> list is that poprelayd whitelists the entire IP not just for a given
>> username.  I think it would get complicated.
>
> Well the idea to merge poprelayd with ACL is to tell milter- 
> greylist to
> check poprelayd only for some users (or IP, or whatever the ACL  
> allows)
>
> This would tell milter-greylist to whitelist if the sender IP  
> address is
> in DB file "/foo/bar" and recipient is toto@...
>
> While we are there, we could also have flat files:
> acl whitelist addr file "/foo/bar.txt" rcpt toto@...
>
> And we could do it for other keywords:
> acl whitelist rcpt file "recipients.txt"
>
> And we could also have support for checking against a DNSRBL:
> acl greylist addr dns "dnsrbl.example.net"
>
> Of course in order to get decent performances, we should build a  
> list of
> external config sources (bdb, file...) when parsing the ACL, and check
> addr, domain, rcpt and from against all the sources before evaluating
> the ACL.
>
> That's a rather intrusive change. I'm ok to work on it, but I'd like
> feedback of other users for the design.
>
> -- 
> Emmanuel Dreyfus
> Un bouquin en français sur BSD:
> http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
> manu@...
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>