Laird Breyer <laird(_at_)lbreyer(_dot_)com> wrote:
On Apr 03 2006, Seth Breidbart wrote:
Describe how you'd test greylisting without perturbing the system.
That was a trick question. You provably can't.
I already have outlined it several times now. The greylisting system
logs all the events which enter into the final decision. When a mail
is rejected, the record of evidence which triggered that rejection
(call it R) is kept.
Consider some spamware: based on whether it gets 4XX or 5XX, early or
late in the transaction, it decides how to continue (4XX resends the
same thing later, 5XX early sends from another IP address, 5XX late
changes hashbusters and sends from the same IP address, a second fail
changes hashbusters again and sends from a different IP address, where
to send other spams going to the same mailserver but to different
addresses from, . . .)
Now, whatever you do affects what you see later. Therefore you
_cannot_ do a test without perturbing the system.
Seth
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg