Milter-greylist

> 
> The idea is that only unknown clients should hit the last-resort 
> greylist ACL.
Absolutely agree here.
> 
> In that order, MX validity and MX-as-SPF (poor man SPF) tests would be 
> great to help reduce the hit rate of this last-resort ACL.
Agree here as well.
I might add - some forward vs. reverse DNS checks would tell us
something, too. Anyway, the concept of "poor man SPF" is good.
> 
> 
> Forwarders shoud use SRS. But if you combine with DNS whitelists, 
> chances are forwarders are already whitelisted.
> 
I agree here - SRS should be implemented on mail forwarders - not only
because it breaks SPF - it is just fair to claim your real identity.
And you want to send a mail on behalf of someone else? Hey, there is a
message body FROM field!

Regarding DKIM as Michael asked:
Yes, it only works after the DATA stage -> we have to receive the
whole mail. But you can still reject the message instead of "250 Ok,
message accepted for delivery".
But I agree, there is dkim-milter directly developed by sendmail
developers and it makes a little importance to merge it with this
software.

We should perhaps concentrate on what we could do at the SMTP-header
stage and make sure we have done it well.

Ondrej


> -- 
> Ce message a ete verifie par MailScanner
> pour des virus ou des polluriels et rien de
> suspect n'a ete trouve.
>