[Top] [All Lists]

Re: greylisting done at end of headers, or end of daya (QUIT) ?

2007-01-30 15:22:55

At 8:17 pm +0100 30/1/2007, Keld Jørn Simonsen wrote:
I am applying greylisting and it really has some effects on the amount
of spam coming in.

I am running postfix with postgrey, and postgrey only has data available
from the envelope, such that Message_Id: information is not available. I
notice that in Freebsd greylisting is done using message-id:

I see the follwing scenaro for me: a zombie machine sends out spam for
me, and I greylist it and the zombie does not resend the message to me.
The the same zombie sends me another spam mail, and then this is
recognized by postgrey as the first message being resent, as it does not
know better. I have a feeling that this is going on in some amount of
cases, but I cannot investigate it as postgrey does not have access to
the info I would like to log.

So I ask you: would greylisting based on some unique id like Message-id:
lead to a better result?

In my MTA, I am doing graylisting based on just the IP (not even the IP+MAIL FROM+RCPT TO) and I am finding that very little spam gets through even that. You might find graylisting on the Message-ID is slightly more effective, however it could potentially be less effective if a bunch of spambots send out a pile of spam all with the same Message-ID because they are all sending exactly the same message.

And would there be problems issuing an error code like "file system full"
at the time of the "QUIT" command?

By QUIT time the message has already been received and acknowledged, so it is too late to refuse it.