Milter-greylist

Kai Schaetzl <maillists@...> wrote:

> what for do we need sender and recipient email address?

If your ennemy is a spamware operating on a botnet, retaining (IP, from,
rcpt) in your greylisting database cost ressources to the ennemy: it has
to keep track of the tuple if it wants to defeat greylisting. 

For the botnet operator, resources are free (as it is operating on
hacked machines), but they are not infinite. If it does not want to be
too annoying, which would get it eradicated by the machine owner, it
cannot consume too much resources. This is why we see spamwares keeping
track of tuples for 15 minutes, but not for 4 hours.

If you retain only the IP, the spamware just has to send messages with
random (from, rcpt) to your server, and after some time, they will get
through. No need to keep track of the tuple, you make its life easier.

> - realtime sharing
> do all servers in the cloud need to know any "event" immediately? I don't
> think so. In general, you can assume that the "next" mail from the same
> source (be it a retry or a completely new one) will either follow in a
> time period

Yes, you are right here. I never thought about it, but real-time sync is
of no use, since a real server will not retry immediatly (and even if it
does, you want to tempfail that)

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...