Mailing List Archive: SPF: Discuss

Greylisting

Index | Next | Previous | View Threaded

mengwong at dumbo

Oct 9, 2003, 9:27 AM

Post #1 of 3 (318 views)
Permalink

Greylisting

On Thu, Oct 09, 2003 at 09:07:42AM -0700, Richard Pitt wrote:
| One aspect of spam noted by a friend of mine in the computer security
| business is that many spam programs don't re-try if they get a soft
| error the first time.
|
| His initial thought was to introduce a cycle in the MTA that would
| reject all unknown sender/IP address combos the first time and allow
| them the second within a (relatively) short period of time (say 1 hour
| or 4 hours) since most spammers either don't retry at all, or retry the
| next "cycle" which may be many hours later if they are in the millions
| of addresses league.
|
| This aspect is due to the fact that the spam program doesn't run a
| "normal" MTA - one which retries as a rule and backs off on retry time
| to longer and longer times over a matter of days.

This is called greylisting and is available in many MTAs; Postfix v2
provides greylisting code in its sample policy daemon.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

mengwong at dumbo

Oct 9, 2003, 9:48 AM

Post #2 of 3 (301 views)
Permalink

greylisting [In reply to]

On Thu, Oct 09, 2003 at 06:40:12PM +0200, David Saez wrote:
|
| > One aspect of spam noted by a friend of mine in the computer security
| > business is that many spam programs don't re-try if they get a soft
| > error the first time.
|
| we tried greylisting for some time, the problem is that there are lots
| of legal mta's out of there that alkso don't retry.
|

"Legitimate", yes. "Legal", not acccording to RFC2821 :)

Yes, they need to be whitelisted by hand, which is a pain.

Yahoo Groups is an example of a non-retryer.

Yahoo in general seems to have trouble with mail: I turned on sender
address verification for a while and it worked great. Then I
saw Yahoo happily accepting forged, bogus recipients, like
3q5yreag [at] yahoo That was disappointing.

If you're interested in sender address verification, I believe Exim and
Postfix support it.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

david at ols

Oct 9, 2003, 10:54 AM

Post #3 of 3 (300 views)
Permalink

Re: greylisting [In reply to]

Hi !!

> | we tried greylisting for some time, the problem is that there are lots
> | of legal mta's out of there that alkso don't retry.
> |
>
> "Legitimate", yes. "Legal", not acccording to RFC2821 :)

of course I don't mean rfc compliant

> Yes, they need to be whitelisted by hand, which is a pain.

true, any mehtod that requieres whitelisting is not good

> If you're interested in sender address verification, I believe Exim and
> Postfix support it.

yes, we are using callouts with exim since they are available, this works
very well, but do not prevent forgery ... we will need to wait until spf
or other proposal becomes a rfc standard ...

--
Best regards ...

Discoveries are made by not following instructions.

----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david [at] ols
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads