Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] Some features for future releases...

2007-12-13 by Seth Mos

Benoit Branciard wrote:
> here are some features I think would be nice to add one day in a release 
> of milter-greylist:
> 
> - sender MX validity : the idea is to be able to identify sender domains 
> whose MX is "bad", i.e. points to at least one IP pertaining to an 
> IANA-reserved block : loopback, private use, multicast, broadcast, 
> testing, link-local, and so on (see http://www.faqs.org/rfcs/rfc3330.html).
> Care should be taken to account for CNAME nesting (with max recursion 
> counter and loop detection), DNS temporary failures, and IPv6 counterparts.
> Sendmail 8.14 introduced such feature, but adding it to milter-greylist 
> is still interesting because of integration in ACL system.
> 
> example of use :
> 
> 	racl blacklist mx bad msg "invalid sender MX"
> 
> 
> - sender MX client matching : the idea is to setup a poor man's SPF 
> check for domains who don't publish SPF records, and have the same 
> servers for inbound and outbound traffic (a quite common case): if a 
> mail from domain foo.bar comes from an IP which is listed as MX for 
> foo.bar, then we can quite trust it and skip greylisting. An example of 
> use :
> 
> 	racl whitelist mx match
> 
> 
> Of course above examples are only suggestions, the actual syntax may differ.

If we can verify the sender IP address matches the MX record for the 
sending domain, then whitelist the message. It works better in 
practice when coupled with the -L command line modifier as this is very 
similar to the "mailfarm" problem.

I have this exact same approach active with a urlcheck feature, and in 
the last year I have been using this with a modest email load on about 
200 mailboxes.

I can attest that it works well, and also diminishes the impact 
greylisting would otherwise make. This, being a network admin, is a good 
thing.

We have public email addresses on our website (info@) and with this 
modification I perceive no rise in the amount of spam that 
arrives in that box.

It mainly brings benefits and less impact to normal mailserver 
operation. The PHP implementation of this code is viewable here: 
https://webmail.coltex.nl/spam/mxhostcheck.txt

The code is available under the BSD license. Only requirement for using 
it is the host binary.

Kind regards,

Seth
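
The two checks proposed in the quoted message ("mx bad" and "mx match"), as an added example that is not part of the thread and is neither milter-greylist code nor the PHP script linked above. It runs against constructed in-memory zone data instead of live DNS; the reserved-block subset, `MAX_CNAME_DEPTH`, the verdict names and all function names are assumptions.

```python
import ipaddress

# Assumed subset of the RFC 3330 special-use blocks, plus IPv6 counterparts.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 "
    "192.168.0.0/16 224.0.0.0/4 240.0.0.0/4 ::1/128 fe80::/10 fc00::/7 ff00::/8").split()]
MAX_CNAME_DEPTH = 8  # hypothetical limit on CNAME nesting

class TempFail(Exception):
    """DNS temporary failure; never reported as a bad MX."""

def lookup(zone, rtype, name):
    records = zone.get((rtype, name), [])
    if records is None:  # constructed resolver: None models SERVFAIL or a timeout
        raise TempFail(name)
    return records

def host_addrs(zone, name):
    """Follow CNAMEs, then return A/AAAA addresses; None on a loop or deep chain."""
    seen = set()
    while (cname := lookup(zone, "CNAME", name)):
        seen.add(name)
        name = cname[0]
        if name in seen or len(seen) > MAX_CNAME_DEPTH:
            return None
    return [ipaddress.ip_address(a)
            for a in lookup(zone, "A", name) + lookup(zone, "AAAA", name)]

def mx_verdict(zone, domain, client_ip):
    """Return 'tempfail', 'bad', 'match' or 'nomatch' for a sender domain."""
    addrs = []
    try:
        for mx in lookup(zone, "MX", domain):
            resolved = host_addrs(zone, mx)
            if resolved is None:
                return "bad"  # assumption: a looping or over-deep CNAME chain is bad
            addrs += resolved
    except TempFail:
        return "tempfail"
    if any(a in net for a in addrs for net in RESERVED):
        return "bad"
    return "match" if ipaddress.ip_address(client_ip) in addrs else "nomatch"

ZONE = {  # constructed zone data; 203.0.113.0/24 stands in for a public MX host
    ("MX", "ok.example"): ["mx.ok.example"],
    ("CNAME", "mx.ok.example"): ["h.ok.example"], ("A", "h.ok.example"): ["203.0.113.25"],
    ("MX", "bad.example"): ["lo.bad.example"], ("AAAA", "lo.bad.example"): ["::1"],
    ("MX", "loop.example"): ["a.loop.example"],
    ("CNAME", "a.loop.example"): ["a.loop.example"],
    ("MX", "slow.example"): None}
```

A "tempfail" verdict is kept separate from "bad" so that a resolver outage neither blacklists nor whitelists the sender; in an ACL it would fall through to normal greylisting.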
