Milter-greylist

Emmanuel Dreyfus wrote:
> Hi
> 
> Recently I saw a new kind of spam. The messages contain a text part with 
> nonsense that are obviosuly here to ruin bayesian filtering. The words 
> are non-spam words, and if the user classify the message as spam, the 
> bayesian filter efficiency will go down.
> 
> The message also contains an image, which carry the spam message. Because
> the spam message is in an image, it is unreachable for bayesian filters.
> 
> That's not a real problem for me because I don't use bayesian filtering. 
> I am more worried by the fact that a lot of such message get through 
> milter-greylist.
> 
> Headers show that the message come from DSL and cable pools, so IMO it's
> from a botnet. X-Greylist header reports that the sender retried only one
> time and after 5 minutes and a few seconds. My greylist delay is 5 mn, 
> so I wonder if this is a coincidence, or if the spam engine reads the
> text message in the SMTP reply that says "please come back in 00:05:00".
> 
> Do we have to face spam engine that implement resends? What is your 
> experience with that problem? 
> 
> I will try raising the greylist parameter (delay before the mail is accepted)
> from 5 mn to 30 mn. If that does not cure the problem, it probably means
> we have to hunt for new ideas again and code a new tool. Any suggestion
> is welcome.
> 

Hi,

I think SPF (see www.openspf.org)  may be a googd idea to use.
Whitelist if SPF returns "Pass", reject if SPF returns "Fail"
and in the other cases greylist. The time should depend on the return 
value of SPF 5 min if SPF returns "Neutral" or "none" and
1h if SPF returns "Softfail" or Errors.

cu

	Michael


-- 
--------------------------------------------------------------------------------
M.Menge                                 Tel.: (49) 7071/29-70316
Universitaet Tuebingen                  Fax.: (49) 7071/29-5912
Zentrum fuer Datenverarbeitung          mail: menge@...-tuebingen.de
Waechterstrasse 76
72074 Tuebingen