Stuart D. Gathman wrote:
On Wed, 15 Oct 2008, Michael Deutschmann wrote:
You could set your system up to automatically whitelist any address your
customer mails to. This will protect you if someone your customer is
already talking to suddenly gets listed.
Doesn't that assume "+mx -all"? One should whitelist the IPs where
replied messages actually came from... Rather, I would whitelist the
sender and just flag the DNSBL lookup response, delaying any reaction
until responding to the RCPT command. That way it is also possible to
forget DNSBL altogether for specific recipients who don't want that
filtering.
Already do that. And use honeypots for blacklisting (and content filter
training) - as well as behavioural triggers, like 4 forged MFROMs in a row from
an IP gets it blacklisted, and 4 nonexistent RCPTs from a MFROM gets the IP
blacklisted (and the MFROM blacklisted if SPF Pass). The blacklist (and
whitelist) is self-maintaining.
May I ask how do you manage black list entries rehabilitation? I'm
planning to do something similar to Stockade(*), i.e. to have a decay
rate so that the probability that a listed IP gets blocked is
automatically halved every that many seconds, until it eventually
vanishes. That implies fuzzy blocking, though.
[*] http://caia.swin.edu.au/stockade/
They do it at the IP level.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com