On Sat, 27 Oct 2007, Matt Kettler wrote:

> Dan Mahoney, System Admin wrote:
>> On Fri, 26 Oct 2007, Matt Kettler wrote:
>>
>>> Jim Hermann wrote:
>>>> Does TLS bypass greylisting like authentication?
>>> Yep. You'll see messages like this in your logs:
>>>
>>> milter-greylist: STARTTLS succeeded for DN="xyz", bypassing greylisting
>>>
>>> Which is really quite reasonable. Any system, even if it is a spammer, that can
>>> do starttls is also quite capable of retrying, so will ultimately get past a
>>> greylist anyway..
>>
>> Hrmmm, then the next question is: does greylisting check the cert
>> validity? My own system has the CA roots fully configured, so if it's a
>> true Thawte/Geotrust/Verisign cert, I'll get VERIFY=ok. Does
>> milter-greylist care?
>>
>> (Lest spammers link their trojans against openssl...)
>
> Does it matter? If they link against openSSL, they can also just as easily retry..
>
> Remember, greylisting isn't resistant to a "clever" spammer. Never will be.

That was more tongue-in-cheek than anything else, heh.

-Dan

--

"You recreate the stars in the sky with cows?"

-Furrball, March 7 2005, on Katamari Damacy

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
Message
Re: [milter-greylist] Does TLS bypass greylisting?
2007-10-27 by Dan Mahoney, System Admin