Milter-greylist

I *think* this idea should work the way I intend, but it's not likely a usage
that was envisioned when flushaddr was added, so I figured I'd ping the list
before trying it out in production.

At my site, there are certain email addresses that act as spamtraps. Mail to
these addresses are automatically forwarded into my bayes training, and I later
review them for mistakes. (Thus far, there have been none, and I've had this in
place for 2 years. The addresses chosen were picked very carefully and were
monitored extensively prior to use, and continue to be monitored.)

In any event, I very much want to receive email sent to these addresses quickly,
as it gives my bayes DB a "leg up" on the freshest spam. However, I know with a
very high degree of certainty that any IP emailing one of these addresses is
spamming.

As such, I'd like to flush out any existing greylist/autowhite entries for any
site that emails a spamtrap. This winds up, for all other users, effectively
blacklisting any sites that consistently email my spamtraps, as their greylist
entries will keep getting purged.

So, should this wind up working? Assuming of course the sender keeps "carpet
bombing" batches of valid users, mixed in with spamtraps?

racl whitelist rcpt /\<spamtrap@domainfragment/ flushaddr

On Mon, Jul 09, 2007 at 01:10:34PM -0400, Matt Kettler wrote:
> So, should this wind up working? Assuming of course the sender keeps "carpet
> bombing" batches of valid users, mixed in with spamtraps?
> 
> racl whitelist rcpt /\<spamtrap@domainfragment/ flushaddr

That should be okay, except that the leading < is stripped by milter-greylist,
if I recall correctly.

-- 
Emmanuel Dreyfus
manu@...

Emmanuel Dreyfus wrote:
> On Mon, Jul 09, 2007 at 01:10:34PM -0400, Matt Kettler wrote:
>> So, should this wind up working? Assuming of course the sender keeps "carpet
>> bombing" batches of valid users, mixed in with spamtraps?
>>
>> racl whitelist rcpt /\<spamtrap@domainfragment/ flushaddr
> 
> That should be okay, except that the leading < is stripped by milter-greylist,
> if I recall correctly.
> 

It's not stripped by  milter-greylist-3.1.8, nor any of the prior versions I've
used. I actually wind up using it as a "start of string" anchor of sorts.
Although, if you want to get technical, I'm still using acl, not racl.


Currently I've already got this and it works beautifully:

acl whitelist rcpt /\<spamtrap@domainfragment/


So, all I'm doing is adding flushaddr to an existing ACL.

Also, FWIW, I added the flushaddr, and it appears to be working correctly.

On Tue, Jul 10, 2007 at 10:24:18AM -0400, Matt Kettler wrote:
> Although, if you want to get technical, I'm still using acl, not racl.

acl and racl are synonym. racl is there to avoid the confusion with dacl,
and acl is there for backward compatibility.

> Currently I've already got this and it works beautifully:
> 
> acl whitelist rcpt /\<spamtrap@domainfragment/
> 
> 
> So, all I'm doing is adding flushaddr to an existing ACL.
> 
> Also, FWIW, I added the flushaddr, and it appears to be working correctly.

-- 
Emmanuel Dreyfus
manu@...