Federico Giannici wrote:
What about combining BlackListing and GreyListing?
I'm experimenting ab it with that right now. I've got my greylisting code to use a configurable number of checks before it decides if the greylist should be in use for an incoming connection. The idea is to avoid delaying most ham, and it seems to work pretty well. Currently the following tests (in this order) are used (at the first matching check, the rest of the tests are skipped): ---8<--- If p0f thinks it's a Novell server: Do not greylist. If the host rdns look dynamic: Do greylist. If the host is not swedish and the domain does not end in ".se" or ".org": Do greylist. If the host listed in our own dynamic blacklist: Do greylist. If the host has sent spam to us: Do greylist. If the host is listed in njabl, sorbs or uceprotect: Do greylist. If no tests matched: Don't greylist. ---8<--- The greylist code does some massacring of mail addresses, has host whitelisting, and reports to a very short lived blocklistthingy. Some of the stuff above uses data from other parts of our filter.
Has anybody already implemented it?
Yes. I have. :-)
Is there already something able to implement it?
MIMEDefang (a sendmail milter) together with code from my filter at <http://whatever.frukt.org/mimedefangfilter.text.shtml> could be used as a starting point. Regards /Jonas -- Jonas Eckerman, FSDB & Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/
