On Fri, 26 Oct 2007, Matt Kettler wrote: > Jim Hermann wrote: >> Does TLS bypass greylisting like authentication? > > Yep. You'll see messages like this in your logs: > > milter-greylist: STARTTLS succeeded for DN="xyz", bypassing greylisting > > Which is really quite reasonable. Any system, even if it is a spammer, that can > do starttls is also quite capable of retrying, so will ultimately get past a > greylist anyway.. Hrmmm, then the next question is: does greylisting check the cert validity? My own system has the CA roots fully configured, so if it's a true Thawte/Geotrust/Verisign cert, I'll get VERIFY=ok. Does milter-greylist care? (Lest spammers link their trojans against openssl...) -- "Check it out, it's just like Christmas. Except it sucks." -Jason Seguerra, 3/2/05 --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
Message
Re: [milter-greylist] Does TLS bypass greylisting?
2007-10-27 by Dan Mahoney, System Admin