On Sun Aug 30, 2009 at 17:22:43 -0700, Michael Papet wrote:
> I've been modding other plugins and am scheming to write a plugin
> that does the following.
>
> 1. mail passes the usual plugins tests
> 2. Generate an MD5 signature on the body and title.
> 3. Check for the md5 signature in a db. If it finds one, accept the mail.
> If it doesn't reject the mail.
>
> The general idea being, more legitimate mail will retry.
Essentially the behaviour you're expecting is that:
* Mail will be refused the first time it is delivered.
* The mail will subsequently be accepted.
Congratulations - you've reinvented greylisting:
http://en.wikipedia.org/wiki/Greylisting
Only your approach is a little more complex than the standard one.
> A. Should I even bother? I'm not enough of an admin to know
> if this would be a worthwhile endeavor. This may be exploited by
> spammers already.
I'd suggest not, and that the more basic and already written
greylisting plugin would be the way to go if you want this
behaviour.
In my personal experience greylisting isn't as effective as it
once was. In the past random compromised machines would fire off
lots of SMTP connections and ignore errors. These days more of my spam
comes from compromised machines that route via their ISPs - and so
they are requeued a lot of the time.
Still other people swear by the approach, so you might find it
works for you.
Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
