Dan Mahoney, System Admin wrote:
> On Fri, 26 Oct 2007, Matt Kettler wrote:
>
>> Jim Hermann wrote:
>>> Does TLS bypass greylisting like authentication?
>> Yep. You'll see messages like this in your logs:
>>
>> milter-greylist: STARTTLS succeeded for DN="xyz", bypassing greylisting
>>
>> Which is really quite reasonable. Any system, even if it is a spammer, that can
>> do starttls is also quite capable of retrying, so will ultimately get past a
>> greylist anyway..
>
> Hrmmm, then the next question is: does greylisting check the cert
> validity? My own system has the CA roots fully configured, so if it's a
> true Thawte/Geotrust/Verisign cert, I'll get VERIFY=ok. Does
> milter-greylist care?
>
> (Lest spammers link their trojans against openssl...)

Does it matter? If they link against openSSL, they can also just as easily retry..

Remember, greylisting isn't resistant to a "clever" spammer. Never will be.

Message
Re: [milter-greylist] Does TLS bypass greylisting?
2007-10-27 by Matt Kettler