Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] BotNet plugin

2007-01-05 by Oliver Fromme

Matthias Scheler wrote:
 > Oliver Fromme wrote:
 > > > > The idea is that many small sites (e.g. soho) use the
 > > > > same servers for incoming and outgoing mails, so the
 > > > > MX record (or A record) of the domain is the same as
 > > > > the one we receive their mail from.
 > > > 
 > > > The problem is that spammers create such real looking setups, too.
 > > 
 > > No, not easily, because you need many servers to send
 > > massive amounts of spam.  That's why they often use
 > > botnets.
 > 
 > They can have a lot of MX records which point to A records that resolve
 > to a lot of hosts. So it would perhaps make sense to check for such
 > things.

Please read the explanation from my first mail.  It says
that it doesn't cover more than 5 records (MX or A).

So if a spammer enters dozens (or even hundreds or
thousands) of his spam machines as MX records for his
sender domains, then they won't match the "soho" check,
and he will not be whitelisted.

Best regards
   Oliver


-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

C++: "an octopus made by nailing extra legs onto a dog"
        -- Steve Taylor, 1998
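
The "soho" check discussed in this message, sketched as an added example (not code from milter-greylist or from the author of the post). The zone table, the function names and the way the 5-record limit is counted (MX records and resolved addresses each) are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress

MAX_RECORDS = 5  # limit named in the message; how it is counted is an assumption

# Constructed stand-in for DNS answers, so the example runs offline.
ZONE = {
    ("smallshop.example", "MX"): ["mail.smallshop.example"],
    ("mail.smallshop.example", "A"): ["192.0.2.10"],
    ("nomx.example", "A"): ["203.0.113.7"],
    # A sender domain that lists 40 sending hosts as MX records.
    ("bulk.example", "MX"): [f"mx{i}.bulk.example" for i in range(40)],
    **{(f"mx{i}.bulk.example", "A"): [f"198.51.100.{i + 1}"] for i in range(40)},
}


def lookup(name, rtype, zone=ZONE):
    """Return the constructed records for (name, rtype), or an empty list."""
    return zone.get((name.lower().rstrip("."), rtype), [])


def soho_match(sender_domain, client_ip, zone=ZONE, limit=MAX_RECORDS):
    """Return (matched, reason) for the 'same host receives and sends' check."""
    client = ipaddress.ip_address(client_ip)
    mx_hosts = lookup(sender_domain, "MX", zone)
    if len(mx_hosts) > limit:
        return False, "too many MX records"
    # Consider the MX targets and the domain's own A record.
    addrs = set()
    for host in mx_hosts + [sender_domain]:
        addrs.update(ipaddress.ip_address(a) for a in lookup(host, "A", zone))
        if len(addrs) > limit:
            return False, "too many A records"
    if not addrs:
        return False, "no records"
    if client in addrs:
        return True, "client is a listed MX/A host"
    return False, "client not among MX/A hosts"


if __name__ == "__main__":
    for dom, ip in [("smallshop.example", "192.0.2.10"),
                    ("bulk.example", "198.51.100.3"),
                    ("nomx.example", "203.0.113.7"),
                    ("smallshop.example", "203.0.113.99")]:
        print(dom, ip, soho_match(dom, ip))
```
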
