On Mon, 19 Jun 2006, Logan Shaw wrote: > If it comes up with a very high score (almost definitely spam), > drop it right away. If it comes up with an indeterminate score, > apply the greylisting approach and delay it until later.
What's the point? You've already *got* the entire message, at that point why tell the sender "I don't want it right now, try again later"? Instead of SMTP TMPFAILing the message, why not just add a few SA points for "never seen this sender before"? > What does this buy you? Two things. The first is that low-risk > messages (based on content) go right through, eliminating much > of the downside of greylisting. The second is that for messages > which SpamAssassin is unsure about, you get the added benefit of > greylisting. By definition, SpamAssassin by itself is insufficient > in these cases, so any extra information you can gather (i.e. whether > the sender retries) is valuable information. At the cost of receiving and processing those messages at least twice. Consider the case of a spammer whose software *does* retry, but retries every two or three minutes until delivery is accepted or PERMFAILed. I have seen this in my greylist logs. Do you really want SA + AV + whatever to completely process this message a half-dozen times before making a permanent decision at the end of the delay period? > To put it another way, greylisting has a high cost in terms of > convenience. Email is a store-and-forward best-attempt unguaranteed delivery system, *not* Instant Messaging. The perception that a fifteen-minute delay in delivery of a message is not acceptable is unrealistic. And if such a delay *is* unacceptable, then you need to use something other than email to communicate. Most greylisting tools can be configured to bypass greylisting for specified recipient addresses. In your example of salespeople not wanting to have their messages from potential customers delayed, just bypass greylisting for them and leave the standard behavior in place for everybody else. -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- What nuts do with guns is terrible, certainly. But what evil or crazy people do with *anything* is not a valid argument for banning that item. -- John C. Randolph <[EMAIL PROTECTED]> -----------------------------------------------------------------------
