Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] "Dark-grey"listing dynamic IP addresses

2006-04-06 by Gingko

----- Original Message ----- 
From: <manu@...>
To: <milter-greylist@yahoogroups.com>
Sent: Wednesday, April 05, 2006 11:58 PM
Subject: [milter-greylist] "Dark-grey"listing dynamic IP address


> Filtering on reverse DNS name with three 0-255 numbers sounds therefore
> a good idea. The drawback is that you will catch power users that send
> from their home machines, and SME using SMTP appliances.

That's why I suggested to only lengthen the delay for those addresses, and 
not completely block them...

Actually, these power users should normally have installed some regular MTA, 
featuring the ability of relaying mail from the outside.

That means they should commonly have port 25 open on their computers, 
available for SMTP connections.

Even if that MTA is not available for open-relaying, could we just check if 
something is open on port 25 (with a consistent greeting message) on the 
sender's IP address, without actually trying to send any message through 
them, and decide to lighten back the greylisting on that basis?

This process would be done, of course, only on those addresses already 
assumed to be dynamic ...

I think there are a lot of chances that spammers use some other means to 
inject their spam inside their botnets: they apparently very often use 
quite complex distributed spamming techniques that lead me to think they 
should access their own botnet with some non-standard protocols, and also 
they have no reason to build a complete MTA inside their engines. Their 
botnets are normally specialized in sending spam, not regular mails from 
regular mailers.

This may not be very realistic, of course, I suppose, but I am just trying 
to find a way to more accurately differentiate between regular MTAs and 
spammers' botnets ...

Gingko
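
The check proposed in this message, as an added example that is not part of the original post or of milter-greylist: port 25 is probed only when the reverse DNS name looks dynamic, and only the greeting is read, with no mail sent. The function names, the delay values and the sample host names are assumptions made for illustration.

```python
import re
import socket

# Assumption: a reverse DNS name carrying three 0-255 numbers marks a dynamic address.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
_DYNAMIC = re.compile(rf"(?<!\d){_OCTET}[-._]{_OCTET}[-._]{_OCTET}(?!\d)")

def looks_dynamic(rdns_name):
    return bool(_DYNAMIC.search(rdns_name))

def greeting_ok(banner):
    """True if banner is a complete SMTP 220 greeting (single or multi-line)."""
    lines = banner.decode("ascii", "replace").split("\r\n")
    if len(lines) < 2 or lines[-1] != "":
        return False                      # not yet terminated by CRLF
    lines = lines[:-1]
    return (all(l.startswith("220-") for l in lines[:-1])
            and re.fullmatch(r"220 \S+.*", lines[-1]) is not None)

def probe_port_25(ip, port=25, timeout=5.0):
    """Connect, read the greeting, say QUIT. Any error or timeout counts as no MTA."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            data = b""
            while len(data) < 4096:       # cap what an untrusted peer can send us
                chunk = s.recv(512)
                if not chunk:
                    break
                data += chunk
                if greeting_ok(data):
                    s.sendall(b"QUIT\r\n")
                    return True
    except OSError:
        pass
    return False

def greylist_delay(rdns_name, ip, normal=300, dark=3600, probe=probe_port_25):
    """Delay in seconds; 300 and 3600 are assumed values, not project defaults."""
    if not looks_dynamic(rdns_name):
        return normal
    # Dynamic-looking address: lighten back only if it answers like an MTA.
    return normal if probe(ip) else dark

if __name__ == "__main__":
    # Constructed inputs; the probe is stubbed so this runs offline.
    print(greylist_delay("dsl-81-57-12.example.net", "192.0.2.10", probe=lambda ip: False))
    print(greeting_ok(b"220-mail.example.net\r\n220 mail.example.net ESMTP\r\n"))
```

A filter using this would cache the probe result per address, since the outbound connection adds latency and load to every first contact from a dynamic range.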
