Milter-greylist

Hi,

I am dont know if this have being discussed before.

Why not autowhitelist the server IP address only?

If a tuple gets autowhitelisted, it is because the senders is using a
real smtp (and there is nothing greylist can do about it) or a clever
spam tool.

After one AWL tuple from this server, we can assume that every message
will be AWLed sooner or later.

So, why not use only the senders smtpd IP address for AWL?
This would speedup all messages that would have to be AWL later on
anyway (evem spam), and save the servers memory.

Am I missing something?


Raul Dias

Raul Dias wrote:
> Hi,
> 
> I am dont know if this have being discussed before.
> 
> Why not autowhitelist the server IP address only?
> 
> If a tuple gets autowhitelisted, it is because the senders is using a
> real smtp (and there is nothing greylist can do about it) or a clever
> spam tool.
> 
> After one AWL tuple from this server, we can assume that every message
> will be AWLed sooner or later.
> 
> So, why not use only the senders smtpd IP address for AWL?
> This would speedup all messages that would have to be AWL later on
> anyway (evem spam), and save the servers memory.
> 
> Am I missing something?
> 

Yes, the fact that this exists already.. it's the lazyaw option.

From greylist.conf:

# Uncomment if you want auto-whitelist to work for
# the IP rather than for the (IP, sender, reciever)
# tuple.
#lazyaw

That's an interesting idea, once a server has proven it's going to queue up the messages, it most likely will always do so, so 
greylisting it further only delays any other email as it will eventually get through anyway. My very first reaction when I read this 
was "no way", but after I started thinking about how to respond and wanting to explain why it's a bad idea, I realized it's not such 
a bad idea after all.

Dennis

Raul Dias wrote:

> Hi,
> 
> I am dont know if this have being discussed before.
> 
> Why not autowhitelist the server IP address only?
> 
> If a tuple gets autowhitelisted, it is because the senders is using a
> real smtp (and there is nothing greylist can do about it) or a clever
> spam tool.
> 
> After one AWL tuple from this server, we can assume that every message
> will be AWLed sooner or later.
> 
> So, why not use only the senders smtpd IP address for AWL?
> This would speedup all messages that would have to be AWL later on
> anyway (evem spam), and save the servers memory.
> 
> Am I missing something?
> 
> 
> Raul Dias
> 
> 
> 
> 
>  
> Yahoo! Groups Links
> 
> 
> 
>  
> 
>

> Yes, the fact that this exists already.. it's the lazyaw option.
> 
> >From greylist.conf:
> 
> # Uncomment if you want auto-whitelist to work for
> # the IP rather than for the (IP, sender, reciever)
> # tuple.
> #lazyaw


Thanks.

When I read lazyaw, I misunderstood it. I thought that it would only
check the IP connections before AWLing it.

Any Cons for using lazyaw?


Raul Dias

Raul Dias wrote:
>>Yes, the fact that this exists already.. it's the lazyaw option.
>>
>>>From greylist.conf:
>>
>># Uncomment if you want auto-whitelist to work for
>># the IP rather than for the (IP, sender, reciever)
>># tuple.
>>#lazyaw
> 
> 
> 
> Thanks.
> 
> When I read lazyaw, I misunderstood it. I thought that it would only
> check the IP connections before AWLing it.
> 
> Any Cons for using lazyaw?

It does make it slightly easier to spam you.

Say for example a backdoored cable box is randomly sending spam to users in your
domain, all from the same envelope sender, and getting greylisted.

Eventually there's a good chance it will try to send a second spam to the same
user. If lazyaw is off, only that one user looses the greylist for this source.
If lazyaw is on, all future mail from that IP, even ones with different senders
or new recipients, will be accepted.

Basically lazyaw causes the "random chance of duplicate hits" to open the gates
for that IP completely. This isn't a wildly common problem, but it is real.

On Tue, Nov 08, 2005 at 04:23:28PM -0200, Raul Dias wrote:
> Why not autowhitelist the server IP address only?
(snip)
> Am I missing something?

Think about NAT.

Anyway, if you want it, you can have it: it's the lazyaw option.

-- 
Emmanuel Dreyfus
manu@...