Yahoo Groups archive

Milter-greylist


Two Suggestions

2007-02-01 by Tom Hedges

1) This first idea was privately e-mailed to Emmanuel Dreyfus in the last week, but he did 
not seem to see its merit. I feel it might at least be a global option that defaults to 
off, and those like myself, would be able to turn it on.

The idea is that any SMTP transaction that fails to call EOM (which probably means calls 
abort) causes the milter close call to flush all records in either the gray-list or the 
auto-white-list for that relay IP address.

This can occur for several reasons: another previously called milter returned a temporary 
or permanent reject, Sendmail (sorry for the 5% Postfix users, although it may be identical) 
rejected the e-mail or the TCP/IP connection failed. With modern broadband, TCP/IP 
failure is _very_ rare; so basically a spam and/or virus milter rejected the e-mail, or 
Sendmail rejected it most likely because of a bogus account. I feel, and have good 
evidence to support, that this heuristic works well and reduces the size of the lists, 
especially the greylist.

Both Emmanuel and myself have this patch and I think having more people trying it out 
would be good, since it is a heuristic and may well cause bad effects over time - only 
experimentation will prove or disprove its merit. It is not a patch that will destabilize the 
milter; rather it may increase or not delays and/or may decrease greylist and auto whitelist 
sizes.

2) The second proposal, which I have not shown to Emmanuel yet, is an extension on his 
idea for pruning envelope user names for mailing lists. I have found machine-generated 
user names, often with many more digits than letters, occur when certain automated 
e-mails are sent by non-mailing list daemons. These can clutter the auto-white-list and 
never will match another e-mail.

My proposal, which is still in the works, is to identify these envelope sender user names and 
completely replace them by generic text, e.g. AUTO_GENERATED_USER. This results in a 
whitelist entry that _may_ match and is not something that would let spam through. I am 
still trying to refine my heuristic here. I have nearly every non-spam e-mail sent to me for 
the last 8 years and I need to do data reduction to refine the heuristic. As I said before, a 
long name with lots of digits versus letters seems to be the key.


I hope others might be interested in these ideas and I welcome constructive (whether 
negative or positive) feedback.
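
A sketch of the digits-versus-letters check described in the second proposal, as an added example that is not part of the original post or of milter-greylist's code. The 12-character minimum, the rule that digits must outnumber letters, and the function names are assumptions, since the post leaves the heuristic unspecified; the sample addresses are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define GENERIC_USER  "AUTO_GENERATED_USER" /* replacement text from the post */
#define MIN_LOCAL_LEN 12                    /* assumed threshold, not from the post */

/* 1 if the local part is long and has more digits than letters, else 0. */
static int looks_machine_generated(const char *local, size_t len)
{
    size_t digits = 0, letters = 0, i;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)local[i];
        if (isdigit(c))
            digits++;
        else if (isalpha(c))
            letters++;
    }
    return len >= MIN_LOCAL_LEN && digits > letters;
}

/* Write the whitelist key for addr (angle brackets already stripped) to out.
 * Returns 1 if the local part was replaced, 0 if unchanged, -1 if out is too small. */
static int normalize_sender(const char *addr, char *out, size_t outlen)
{
    const char *at = strrchr(addr, '@');    /* domain starts at the last '@' */
    size_t local_len = at ? (size_t)(at - addr) : strlen(addr);
    int replaced = looks_machine_generated(addr, local_len);
    int n = replaced ? snprintf(out, outlen, "%s%s", GENERIC_USER, at ? at : "")
                     : snprintf(out, outlen, "%s", addr);

    return (n < 0 || (size_t)n >= outlen) ? -1 : replaced;
}

int main(void)
{
    /* Constructed sample senders, not taken from real mail. */
    const char *samples[] = { "bounce-8837261940-55@example.com",
                              "tom@example.org", "user2007@example.net" };
    char key[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (normalize_sender(samples[i], key, sizeof key) >= 0)
            printf("%-34s -> %s\n", samples[i], key);
    return 0;
}
```

Only the user name is replaced; the sender domain stays in the key, so normalized entries from different domains remain distinct.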
