Hi,
I want to implement taRgrey in milter-greylist. I would like to
hear comments about how I should implement it.
= Background
taRgrey is an anti-spam technique based on greylisting and
tarpitting:
http://k2net.hakuba.jp/targrey/index.en.html
taRgrey's main purpose is decreasing false positives with
low maintenance cost. Decreasing false positives is more
important than increasing false negatives because
false-negative mails can be detected by a content-based filter
(e.g. SpamAssassin) but false-positive mails can't be
rescued easily. So taRgrey is valuable.
= About taRgrey
taRgrey doesn't apply greylisting until an SMTP client seems to be a
spammer. taRgrey uses S25R and tarpitting to decide whether an SMTP
client is a spammer. An SMTP client is treated as a non-spammer
if it passes one of S25R, tarpitting and greylisting. It
decreases false positives.
S25R: It's an anti-spam technique that detects spam-bots
using the SMTP client's FQDN and 7 regular expressions:
http://www.gabacho-net.jp/en/anti-spam/
It's an effective technique to detect spammers because
most spam is sent by spam-bots.
Tarpitting: It's an anti-spam technique that detects
spam-bots with less delay than greylisting:
http://en.wikipedia.org/wiki/Tarpit_(networking)
Here is a flowchart that shows how taRgrey works:
http://k2net.hakuba.jp/targrey/targrey_constitution.gif
= A question about configuration
I have some ideas for taRgrey configuration:
(1) Adding 'targrey' action.
    e.g.: racl targrey CONDITIONS ... sleep 65s
    This ACL line means:
    - an SMTP client is passed and pushed into
      auto-whitelist if an SMTP client that matches
      'CONDITIONS ...' is still connected after 65s.
    - an SMTP client is passed and pushed into
      auto-whitelist by greylisting if an SMTP client that
      matches 'CONDITIONS ...' and disconnected earlier
      than 65s resends the same messages.
    Pros.: Easy to read.
    Cons.: New action.
(2) Adding 'tarpit' ACL clause.
    e.g.: racl greylist CONDITIONS ... not tarpit 65s
    This ACL line means that an SMTP client is greylisted
    if an SMTP client that matches 'CONDITIONS ...'
    disconnects earlier than 65s.
    Pros.:
    - No new action.
    - 'tarpit' can be used with 'blacklist' and/or
      'whitelist' instead of 'greylist'.
    Cons.:
    - 'not' keyword may be forgotten.
(3) Or other idea...
I like (2) because (2) is more flexible than (1).
= Questions about implementation
The next step. :)
Thanks,
--
kou
[RFC] implementing taRgrey
2009-07-05 by Kouhei Sutou
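
The decision flow described in the message (accept on passing any one of S25R, tarpitting or greylisting), as an added model that is not part of the original message and is not milter-greylist code. The class and function names, the `GREYLIST_DELAY` value and the sample events are assumptions made for illustration; the S25R verdict is taken as an input because the regular expressions are not given in the message.

```python
"""Model of the taRgrey flow: S25R -> tarpit -> greylist (constructed example)."""
from dataclasses import dataclass, field

TARPIT_DELAY = 65      # seconds; the "65s" used in both ACL proposals
GREYLIST_DELAY = 300   # seconds; assumed retry interval, not from the message


@dataclass
class TaRgrey:
    autowhite: set = field(default_factory=set)   # client IPs that already passed
    pending: dict = field(default_factory=dict)   # (ip, sender, rcpt) -> first seen

    def connect(self, now, ip, sender, rcpt, suspect, stays_for):
        """Decide one SMTP attempt.

        suspect:   True if the client's FQDN matched the S25R patterns.
        stays_for: seconds the client keeps the connection open while we sleep.
        """
        if ip in self.autowhite:
            return "accept (auto-whitelist)"
        if not suspect:                       # passed S25R: no delay at all
            return "accept (passed S25R)"
        if stays_for >= TARPIT_DELAY:         # still connected after the sleep
            self.autowhite.add(ip)
            return "accept (passed tarpit)"
        # Client hung up during the tarpit: only now fall back to greylisting.
        triplet = (ip, sender, rcpt)
        first_seen = self.pending.setdefault(triplet, now)
        if now - first_seen >= GREYLIST_DELAY:
            del self.pending[triplet]
            self.autowhite.add(ip)
            return "accept (passed greylist)"
        return "tempfail (greylisted)"


def replay(events):
    """Run a list of (now, ip, sender, rcpt, suspect, stays_for) tuples."""
    model = TaRgrey()
    return [model.connect(*event) for event in events]


SAMPLE = [  # constructed events, documentation-range addresses
    (0, "192.0.2.10", "a@example.org", "u@example.net", False, 1),
    (10, "198.51.100.7", "b@example.org", "u@example.net", True, 90),
    (20, "203.0.113.5", "c@example.org", "u@example.net", True, 5),
    (40, "203.0.113.5", "c@example.org", "u@example.net", True, 5),
    (400, "203.0.113.5", "c@example.org", "u@example.net", True, 5),
    (500, "203.0.113.5", "d@example.org", "u@example.net", True, 5),
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event[0], event[1], verdict)
```

Only the third client ever sees a temporary failure, which is the false-positive reduction the message describes: greylisting is reached only after both S25R and the tarpit have failed to clear the client.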