Milter-greylist

Jack L. Stone wrote:
> At 09:23 PM 8.21.2006 +0200, manu@... wrote:
>> AIDA Shinra <shinra@...> wrote:
>>
>>> 1. may_be_forged ACL condition
>>> http://www.j10n.org/files/milter-greylist-3.0a2-step1.patch
>>>
>>> When a client has bogus reverse DNS, that is, IP -> PTR -> A != IP,
>>> sendmail sets {client_resolve} macro to FORGED. This patch implements
>>> ACL condition to take advantage of it. You need to add
>>> {client_resolve} into Milter.macros.connect. Example:
>>> acl blacklist domain /.*\.info/ may_be_forged
>>> acl greylist may_be_forged
>> Some thoughts:
>> - may_be_forged name is a bit long to read in ACL. What about just
>> forged?
>> - Changes to documentation for the new feature would be nice :-)
>> - Do you catch a lot of spam with that?
>>
> 
> This "may be forged" thing would have a lot of FPs methinks......
> 
> 

True, but it's still likely useful if you also use the per-acl greylist delay
time, and use it as a criteria for a longer greylist period.

Or, if you're like me and have your default set to whitelist, you could use this
as one of your greylist conditions. Right now I greylist no RDNS, APNIC, LACNIC,
and dialup-looking hosts, then default to whitelist. Eventually I'd like to
greylist based on spamcop and NJABL-DUL lookups, as well as my no-RDNS, apnic
and lacnic rules. If this feature gets added, I'll probably use it as another
criteria to trigger greylisting.

However, right now I'm having trouble building the 3.0a series and haven't had
time to play with fixing it, but I've seen a lot of discussion of it. (undefined
reference to `__ns_init parse')