> I know that most spammers now use relays on dynamic IP addresses.
> I know also that it is difficult to clearly identify dynamic IP addresses.
> Even if we can identify these dynamic IP addresses, some of them can
> nevertheless host "legitimate" (i.e. not used for spamming) MTA engines.
>
> But we can make an assumption with something like 95 - 99% certainty that
> a given address is dynamic: for example by just looking at the digit
> groups inside its reverse DNS name. If we can find four (maybe even only
> three) different digit groups with any separators, and if none of them fall
> outside the range 0 - 255, I think that there is a good chance that the
> corresponding IP address is dynamic.

I just realized that the reverse DNS is something out of the control of the botnet spammer. Filtering on reverse DNS names with three 0-255 numbers therefore sounds like a good idea.

The drawback is that you will catch power users that send from their home machines, and SMEs using SMTP appliances. You could send a permanent error with a URL on which you'd say that you are okay to whitelist the IP on request. You can even do it automatically by a web form with a challenge to check the visitor is not a bot.

That looks efficient. I'll try it.

-- 
Emmanuel Dreyfus
Le cahier de l'admin BSD, 2nd ed., is in all good bookshops
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
manu@...
[milter-greylist] "Dark-grey"listing dynamic IP address
2006-04-05 by manu@netbsd.org
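The heuristic and the whitelist escape hatch discussed in this message, as an added Python example (not code from the thread or from milter-greylist). Assumptions: "different digit groups" is read as separate runs of digits, the function names, the `550 5.7.1` reply text and the whitelist URL are hypothetical, and the sample clients are constructed.

```python
import re

# Hypothetical whitelist-request form; placeholder URL, not from the thread.
WHITELIST_URL = "https://mail.example.org/whitelist"

def digit_groups(ptr_name):
    """Runs of digits in a reverse DNS name, whatever separates them."""
    return [int(g) for g in re.findall(r"\d+", ptr_name)]

def looks_dynamic(ptr_name, min_groups=3):
    """True if the name has at least min_groups digit groups, all in 0-255."""
    groups = digit_groups(ptr_name)
    return len(groups) >= min_groups and all(g <= 255 for g in groups)

def smtp_decision(client_ip, ptr_name, whitelist=frozenset(), min_groups=3):
    """Return ("accept", None) or ("reject", permanent-error reply text)."""
    if client_ip in whitelist:
        return ("accept", None)
    # Assumption: a client with no PTR record is left to other checks.
    if ptr_name and looks_dynamic(ptr_name, min_groups):
        reply = ("550 5.7.1 %s (%s) looks like a dynamic address; "
                 "to be whitelisted see %s" % (client_ip, ptr_name, WHITELIST_URL))
        return ("reject", reply)
    return ("accept", None)

# Constructed sample clients (documentation address ranges, made-up names).
SAMPLES = [
    ("203.0.113.7", "host-203-0-113-7.dsl.example.net"),
    ("198.51.100.9", "9.100.51.198.cable.example.com"),
    ("192.0.2.25", "mail.example.org"),
    ("192.0.2.40", "mx1.dc3.as64500.example.net"),   # 64500 is out of range
    ("192.0.2.41", "pool-12-34-56.example.net"),     # only three groups
]
WHITELIST = frozenset({"198.51.100.9"})  # e.g. a home power user who asked

def classify_samples(min_groups=3):
    return [smtp_decision(ip, ptr, WHITELIST, min_groups)[0] for ip, ptr in SAMPLES]

if __name__ == "__main__":
    for (ip, ptr), verdict in zip(SAMPLES, classify_samples()):
        print(ip, ptr, verdict)
```

Raising `min_groups` from 3 to 4 lets the three-group name through, which is the trade-off between the "four" and "maybe even only three" variants in the quoted proposal.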