ietf-smtp

Re: greylisting done at end of headers, or end of data (QUIT) ?

2007-01-30 15:29:21


Keld Jørn Simonsen wrote:

> I am applying greylisting and it really has some effects
> on the amount of spam coming in.

Greylisting, I'm afraid to say, is definitely fast becoming a very popular feature for our WCSMTP system.

> So I ask you: would greylisting based on some unique id
> like Message-id: lead to a better result?

Of course, just to state the obvious. GreyListing is DATA ignorant so "message-id" would never be involved. GreyListing is 100% based on the TRIPLET entities:

    TRIPLET = HASH(IP, x821.MAILFROM, x821.RCPTO)

See the "official" greylist documentation:

    http://projects.puremagic.com/greylisting/whitepaper.html

That said, sure, I can see an enhanced greylisting, like maybe factor in a Message-ID with the TRIPLET hash. i.e., catalog the rejected message-id: lines, if any, and then use this as a pre-check to the greylisting.

Might work, but I am not sure if this would have an effect on the already overall high success rate of greylisting. Typically, if a greylist spammer is going to return, it might do so with a different message, but it will typically still behave the same with its 1 shot attempt deal. I can't imagine a spammer who is greylisted and doesn't try again with one TRIPLET value, is going to change his SEND pattern with a different TRIPLET value. :-)

In any case, it would be interesting to see what results you find. :-)

> And would there be problems issuing an error code like "file
> system full" at the time of the "QUIT" command? I have heard
> that some genuine MTAs would have problems with recovering
> from such a message at that time. Which MTAs would that be?

Do you mean as a response to the DATA stage?

I can't imagine any MTA having a problem with an expected support of the DATA response, either 250, 4xx, or 5xx.

--
HLS
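
Added example, not part of the original message or of any product mentioned in it: a minimal sketch of the triplet-based greylist decision described above, made at RCPT TO time from envelope data only (no Message-ID or other DATA content). The timing constants, the SHA-256 hash, the address lowercasing, the reply text and the `Greylist` class are assumptions chosen for illustration; the addresses are constructed samples.

```python
import hashlib

MIN_DELAY = 300              # assumed: seconds before a retry of a new triplet is accepted
RETRY_WINDOW = 4 * 3600      # assumed: an unconfirmed triplet is forgotten after this long
PASS_LIFETIME = 36 * 86400   # assumed: a confirmed triplet stays accepted this long


def triplet_key(ip, mail_from, rcpt_to):
    """HASH(IP, MAIL FROM, RCPT TO): envelope data only, nothing from DATA."""
    # Lowercasing the addresses is an assumed normalization, not required by SMTP.
    material = "\0".join((ip, mail_from.lower(), rcpt_to.lower()))
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


class Greylist:
    def __init__(self):
        self._seen = {}  # key -> {"first": ts, "last": ts, "passed": bool}

    def check(self, ip, mail_from, rcpt_to, now):
        """Return (code, text) to send for this triplet at time `now` (epoch seconds)."""
        key = triplet_key(ip, mail_from, rcpt_to)
        rec = self._seen.get(key)
        if rec is not None:
            # Expire stale records so a very late "retry" is treated as a first attempt.
            age = now - (rec["last"] if rec["passed"] else rec["first"])
            if age > (PASS_LIFETIME if rec["passed"] else RETRY_WINDOW):
                rec = None
        if rec is None:
            self._seen[key] = {"first": now, "last": now, "passed": False}
            return 451, "Greylisted, please try again later"
        if not rec["passed"] and now - rec["first"] < MIN_DELAY:
            return 451, "Greylisted, please try again later"
        rec["passed"] = True
        rec["last"] = now
        return 250, "OK"


if __name__ == "__main__":
    gl = Greylist()
    sample = ("192.0.2.10", "sender@example.org", "user@example.net")  # constructed
    for t in (0, 60, 600):
        print(t, gl.check(*sample, now=t))
```

A one-shot sender never gets past the first 451, while an MTA that queues and retries after the delay is accepted on the same triplet.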