Milter-greylist

manu@... a \ufffdcrit :
> Petar Bogdanovic <petar@...> wrote:
> 
>> What about spam from domains with restrictive SPF policies? SPF pass
>> means nothing nowadays.
> 
> Agreed. SPF fail is probably the only interesting thing to use (for
> rejection)
> 

Personnaly I use several SPF rules in greylist.conf:

- "spf fail" to reject (but beware of non-SRS-compliant forwarders which 
could lead to false-prositives). This protects agains some 
sender-address abuses (so, some spam).

- "spf softfail" to greylist somewhat longer than the default

- "spf pass spf self" also to greylist longer (too bad we couldn't fully 
reject, some legitimate domains have broken SPFs...)

- "spf pass" to skip default greylisting (on the bottom part of ACLs).

And I have some more acls to apply heavier penalty if the above rules 
combine with some other: for example, if we have "spf self" AND some 
positive DNSRBL, the we could reject.

But nowadays spammers are more and more shifting away from trojan spam 
agents (zombie botnets), which weren't so difficult to identify (DNSRBL, 
SPF, DNS records regex, and the like). They are rather going to exploit 
regular SMTP servers, which have good SPFs, are on whitehlists, have 
unsuspicious DNS records... So the fight becomes more fuzzy.

-- 
Ce message a ete verifie par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a ete trouve.