Milter-greylist

Manu@... wrote on Wed, 21 Jan 2009 17:41:18 +0100:

> > what for do we need sender and recipient email address?
> 
> If your ennemy is a spamware operating on a botnet, retaining (IP, from,
> rcpt) in your greylisting database cost ressources to the ennemy:

and for me, too!

it has
> to keep track of the tuple if it wants to defeat greylisting. 
> 
> For the botnet operator, resources are free (as it is operating on
> hacked machines), but they are not infinite. If it does not want to be
> too annoying, which would get it eradicated by the machine owner, it
> cannot consume too much resources. This is why we see spamwares keeping
> track of tuples for 15 minutes, but not for 4 hours.

I don't have any experience with this. I block most dialup/dynamic stuff 
right-away with RBLs and so probably don't see much coming in from Bots, 
anyway.

> 
> If you retain only the IP, the spamware just has to send messages with
> random (from, rcpt) to your server, and after some time, they will get
> through.

If I understand correctly, this model is in play when you greylist based 
on RBLs. e.g. greylist for four hours if in RBL. I think in other cases it 
doesn't make much sense, e.g. "normal" greylisting will not be longer than 
10 or 15 minutes or so. So, it's only a subset of users that need it. Fair 
enough to keep it for them.
But it's not necessary to store this data if lazyaw is in use. And in that 
case would dramatically reduce necessary storage size and bandwidth for 
sharing.



Kai

-- 
Kai Sch\ufffdtzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com