Milter-greylist

egcrosser <egcrosser@...> wrote:

[SPF]
> I'm afraid that's not really the case.  What a spammer can do is
> register a (number of) throwaway domain(s) and publish SPF record of
> the kind "v=spf1 +all".  Then command his zombie army to use MAIL
> FROM:<...@...>.

Well, if that happens, I assume SPF has no point, then. 
I just see a minor point: buying a domain costs money, and if I recall
correctly, the registar must hold the real identity of the domain owner.
 
> Really so.  Still the problem with the current approach is that it in
> fact gives spammers a "fast track" around the greylist! (as described
> above)

But do you get spam with this scenario?
 

[Dynamic greylisting delay, getting higher and higher for bad guys] 
> > That's an interesting idea. Don't you fear you could give higer and
> > higher scores to ISP mail servers? 
> Possibly the delay can automatically drop down to default value once
> "bad behavior" stops?

Could you post a more detailed plan of the way you think this should be
handled? The idea of a reputation system sounds appealing to me, but I
don't see how you would increase or decrease the delays exactly.
 
> > Mail comming from localhost? 
> Quite possible.  I see "address 127.0.0.1 is in exception list" in the
> same second.  The message is alarming, though :-)  (and it also lacks
> the ID tag btw).

The one should be easy to fix. Mail from localhost never set ${if_addr}

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@...