At 13:17 4/05/2007, manu@... wrote:
>I sum it up for other readers:
>greylist using (domain name of sender machine, sender e-mail, receiver
>e-mail) instead of (IP, sender e-mail, receiver e-mail). eg: (yahoo.com,
>sender@..., user@...)

Well, your example isn't technically correct. It would be more likely eg of "dyn-ip.adsl.isp.com", "spoofed.address@...", "victim@..."

Since the reverse lookup is done on the IP of the sending 'MTA'.

> > Can this be done with milter-greylist? If not, is it a feature worth
> > requesting?
>
>The idea is interesting, but doesn't that let much more spam from
>botnets? Zombies connected from the same ISP will have similar tuples.

The zombies aren't really zombies though, are they? Maybe if they're virus-compromised machines, but the chances of more than one machine in the same ISP being infected with the same virus which is sending out the same 'from' address, is very very low.

And as for spammers, how often do they send using the same 'from' address (ie they tend to generate random addresses)? How often do they send more than one spam from the same address to the same address?

It is called _weak_ greylisting for a reason ;), but I've never had any problem with it in the year or so I have been running it on my domain.

>About implementing it: contributed code is welcome, but please discuss
>here how you are going to do it, especially on the configuration file
>format front.

I am not a coder, so I have no idea where to start. My coding skills are 2nd year university and very rusty :D

Collin
Re: [milter-greylist] Weak greylisting
2007-05-04 by Collin Baillie
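An added example (not from this thread and not milter-greylist code) that replays the same delivery attempts against the two greylist keys discussed above: (IP, sender, receiver) and (domain of the sending machine, sender, receiver). The reverse-DNS table, the addresses, the 300-second delay and the reduction of the PTR name to its last two labels are assumptions made for illustration.

```python
import time

# Constructed reverse-DNS table (documentation IPs, made-up hosts); a real
# milter would use the PTR name the MTA resolved for the connecting IP.
PTR = {
    "192.0.2.10": "mta1.mail.example.com",
    "192.0.2.11": "mta2.mail.example.com",
    "198.51.100.7": "dyn-7.adsl.isp.example",
    "198.51.100.8": "dyn-8.adsl.isp.example",
}

def strict_key(ip, sender, rcpt):
    """Classic tuple: (IP, sender e-mail, receiver e-mail)."""
    return (ip, sender.lower(), rcpt.lower())

def weak_key(ip, sender, rcpt):
    """Weak tuple: (domain of sending machine, sender, receiver)."""
    # Assumption: naive "last two labels" reduction of the PTR name;
    # hosts with no PTR record fall back to the IP (strict behaviour).
    host = PTR.get(ip)
    domain = ".".join(host.split(".")[-2:]) if host else ip
    return (domain, sender.lower(), rcpt.lower())

class Greylist:
    def __init__(self, key_fn, delay=300):
        self.key_fn, self.delay, self.first_seen = key_fn, delay, {}

    def check(self, ip, sender, rcpt, now=None):
        """Return 'tempfail' or 'accept' for one delivery attempt."""
        now = time.time() if now is None else now
        key = self.key_fn(ip, sender, rcpt)
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "tempfail"

def replay(key_fn, attempts):
    gl = Greylist(key_fn)
    return [gl.check(ip, s, r, now=t) for t, ip, s, r in attempts]

# Constructed traffic: (seconds, client IP, envelope sender, recipient)
FARM_RETRY = [(0, "192.0.2.10", "a@example.com", "user@example.org"),
              (600, "192.0.2.11", "a@example.com", "user@example.org")]
SAME_ISP = [(0, "198.51.100.7", "x@example.net", "user@example.org"),
            (600, "198.51.100.8", "x@example.net", "user@example.org")]

if __name__ == "__main__":
    for name, fn in (("strict", strict_key), ("weak", weak_key)):
        print(name, replay(fn, FARM_RETRY), replay(fn, SAME_ISP))
```

With the weak key, a retry from a second MTA in the same sender farm is accepted, and so is a second host at the same ISP that reuses the same envelope sender and recipient; the strict key defers both.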