Keld Jørn Simonsen wrote:
I am applying greylisting and it really has some effects
> on the amount of spam coming in.
Greylisting, I'm afraid to say, is definitely fast becoming a very
popular feature for our WCSMTP system.
So I ask you: would greylisting based on some unique id
> like Message-id: lead to a better result?
Of course, just to state the obvious. GreyListing is DATA ignorant so
"message-id" would never be involved. GreyListing is 100% based on the
TRIPLET entities:
TRIPLET = HASH(IP, x821.MAILFROM, x821.RCPTO)
See the "officlal" greylist documentation
http://projects.puremagic.com/greylisting/whitepaper.html
That said, sure, I can see an enhanced greylisting, like maybe factor
in a Message-ID with the TRIPLET hash. i.e., catalog the rejected
message-id: lines, if any, and then use this as a pre-check to the
greylisting.
Might work, but I am not sure if this would have an effect on the
already overall high success rate of greylisting. Typically, if a
greylist spammer is going to return, it might do so with a different
message, but it will typically still behave the same with its 1 shot
attempt deal. I can't imagine a spammer who is greylisted and doesn't
try again with one TRIPLET value, is going to change his SEND pattern
with a different TRIPLET value. :-)
In any case, it would be interesting to see what results you find. :-)
And would there be problems issuing an error code like "file
> system full" at the time of the "QUIT" command? I have heard
> that some genuine MTAs would have problems with recovering
> from such a message at that time. Which MTAs would that be?
Do you mean as a response to the DATA stage?
I can't imagine any MTA having a problem with a expected support of the
DATA response, either 250, 4xx, or 5xx.
--
HLS