[SA-exim] Greylisting algorithms after end of DATA

Magnus Holmgren holmgren at lysator.liu.se
Sat Jan 20 14:04:10 PST 2007


On Saturday 13 January 2007 14:37, Magnus Holmgren wrote:
> So, what I suggest for a future SA-Exim version (and to anyone implementing
> something similar using only Exim ACLs is this): For each host (or /24 or
> /64 network), store a list of records representing messages that host has
> tried to deliver. A record contains a timestamp and a key, which could be a
> hash of $rh_From:, $rh_Subject:, $recipients (but see below) etc. When a
> message matches an existing record, check the timestamp, and if enough time
> has passed, replace the whole list with "whitelisted" (if not, do nothing).
> (Most of the time, just one message arrives before the host gets
> whitelisted.)
>
> One question to be solved is about $recipients. The envelope recipients
> have to be checked since a spammer can send the same spam to many addresses
> but with the same From: field. Most often there is only one recipient, and
> even otherwise, normally the list is the same from delivery attempt to
> delivery attempt, but it could change if one or more recipients were
> temporarily rejected on one occasion but not the other. Furthermore, it
> can't be demanded that MTAs give the list in the same order each time.
>
> When storing the list of attempted deliveries in a file I'd prefer if the
> file didn't have to be rewritten, only appended to. Maybe it can be deemed
> enough if one recipient is found in the list of recipients of the first
> delivery attempt.

No comments (on this list) so far. One more question: Does anyone use the 
Whitelisted count and Query count lines in the tuple files for anything 
(debugging, statistics, ...)?

-- 
Magnus Holmgren        holmgren at lysator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.merlins.org/archives/sa-exim/attachments/20070120/b78f40c6/attachment.pgp 


More information about the SA-Exim mailing list