Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] P0f support

2008-08-31 by Patrick Domack

Well, isn't that like anything? Nothing is ever going to be reliable; in
greylisting, triplets aren't even very accurate because of firewalls,
server pools that can cause the source IP and source email addresses
to change each time.

Now, people just using default setups or using someone else's config
blindly is an issue, and it's their issue.

Not giving people an option, just for the sake that some people will
use that option in an annoying or stupid way, is a different issue.

I know I personally collect stats of all kinds of things into my
database: every greylist triplet, from-address spam levels, from-IP
spam levels, OS ID spam levels, ....

I then compile the results every now and again as I notice spam
changing, and modify my rules, add new ones, and blacklist/whitelist
people.


Quoting Oliver Fromme <olli@...>:

>
> manu@... wrote:
>  > Patrick Domack <patrickdk@...> wrote:
>  >
>  > > well, since we now have support for everything else (dnsbl, spf,
>  > > dkim), why not add p0f support (os fingerprinting) to selectively
>  > > greylist against.
>  >
>  > Heavily greylisting windows XP boxen could be a major benefit.
>
> The important question is:  How reliable is it?  How likely
> is it to get false positives?  It should be pointed out
> that tools like nmap (and similar) just take a good guess,
> but are often wrong.  For example, it doesn't detect one of
> my backup MX machines correctly.
>
> Also note that some server admins intentionally change the
> parameters of their TCP/IP stack so fingerprinting does not
> guess their OS correctly (just like many admins change the
> welcome message of their MTA so it confuses potential
> attackers).
>
> I don't want to put a huge greylist delay on machines based
> on their OS if the OS detection isn't 100% reliable.
>
> And I *certainly* don't want my own MTAs greylisted for a
> long time just because some other braindead server is unable
> to detect my OS correctly.  :-(
>
> That's why I feel a little uneasy adding such a "feature"
> to milter-greylist.
>
> Best regards
>    Oliver
>
> --
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
> Commercial register: Registergericht Muenchen, HRA 74606,  Management:
> secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
> München, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
>
> FreeBSD services, products and more:  http://www.secnetix.de/bsd
>
> "The ITU has offered the IETF formal alignment with its
> corresponding technology, Penguins, but that won't fly."
>         -- RFC 2549