Joe Sniderman wrote:
Some quick comments:
Do people apply greylisting post-DATA in practise?
milter-greylist supports greylisting during DATA (not sure if its at the
beginning of DATA or at the end, could try it easily enough and find out
though) by means of the dacl configuration directive (as opposed to racl
for greylisting during RCPT)
AFAIK the DCC also can perform greylisting during DATA.
Might be worth adding a section to for greylisting performed during DATA.
There's also some interesting archive discussion regarding it on the
Mimedefang list:
http://lists.roaringpenguin.com/pipermail/mimedefang/2009-May/034793.html
It would appear from that discussion that at least Roaring Penguin
probably does do so in practice.
Or is this really
only something only performed in labs as it is the only way to
determine whether causes false positives.
AFAIK one of the supposed benefits of greylisting during DATA instead of
RCPT is reduction of false positives.
In the case of MIMEDefang, the probable reason is to avoid the following situation : a bot try to
send a message at some moment and some time later try to send a different message to the same
recipient. So, reduction of false negatives.
Another reason to do greylisting during DATA is to apply greylisting only on messages which content
score (evaluated by some kind of content filter) is greater than some threshold. In this case, not
reduction of false positives, but applying greylisting only to messages already considered suspects.
Either way, one goal of original greylisting is precisely to avoid heavy content filtering checks.
So, doing greylisting after DATA, may not be optimal.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg