On Fri, 29 Jul 2016, Dianne Skoll wrote:

> On Fri, 29 Jul 2016 08:35:46 -0700 (PDT)
> John Hardin <jhar...@impsec.org> wrote:
>
> > Greylisting means *you don't see the content at all during the
> > delay*. You tell the sending MTA to try again later when they first
> > connect and send the MAIL FROM and RCPT TO. If you implement the
> > delay *after* you've already received the content, then you're
> > totally missing the point of greylisting.
>
> Yes, that's what naive people think. :)
>
> We do post-DATA greylisting for two reasons:
>
> 1) If our customer has whitelisted a sender, but the whitelisted sender
> is in the From: header and not the envelope, we want the ability to skip
> greylisting in that case. Yes, I wouldn't choose to do that, but...
> the customer is always right. (*snicker*)
>
> 2) Spammers sometimes send from the same (IP, MAIL From, RCPT To) triplet
> but mutate the message subject. If you mix the message subject into
> the greylisting criterion, it makes greylisting even more powerful.
>
> A third reason which we don't yet implement because it's a bit of a research
> topic at this point: It might be handy to feed greylisted messages into
> Bayes if they never pass the greylisting hurdle after a certain time period.

Interesting. I stand corrected. Thanks!
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Phobias should not be the basis for laws.
-----------------------------------------------------------------------
7 days until the 281st anniversary of John Peter Zenger's acquittal
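
The post-DATA greylisting decision described in the quoted reply, written out as an added example (not code from the thread or from any participant's product). The class and method names, the 300-second delay, the subject normalization and the sample addresses are assumptions.

```python
import hashlib
import time
from email import message_from_string
from email.utils import parseaddr


class PostDataGreylist:
    """Greylist decided at end-of-DATA, keyed on envelope triplet + Subject."""

    def __init__(self, header_whitelist=(), delay=300, clock=time.time):
        self.whitelist = {a.lower() for a in header_whitelist}
        self.delay = delay          # seconds a new key must wait (assumed value)
        self.clock = clock          # injectable so the logic can be tested
        self.first_seen = {}        # key -> time of first delivery attempt

    @staticmethod
    def key(ip, mail_from, rcpt_to, subject):
        # Mixing the subject into the triplet means a retry whose subject
        # has been mutated is treated as a brand-new message.
        subj = " ".join((subject or "").split()).lower()
        raw = "\0".join([ip, mail_from.lower(), rcpt_to.lower(), subj])
        return hashlib.sha256(raw.encode("utf-8")).hexdigest()

    def check(self, ip, mail_from, rcpt_to, raw_message):
        """Return (smtp_code, reason) for the reply to end-of-DATA."""
        msg = message_from_string(raw_message)
        # Header From is only visible after DATA. It is sender-controlled,
        # so this bypass is a policy concession, not authentication.
        header_from = parseaddr(msg.get("From", ""))[1].lower()
        if header_from in self.whitelist:
            return 250, "header From whitelisted"
        k = self.key(ip, mail_from, rcpt_to, msg.get("Subject", ""))
        now = self.clock()
        first = self.first_seen.setdefault(k, now)
        if now - first < self.delay:
            return 451, "greylisted, try again later"
        return 250, "greylisting delay satisfied"


if __name__ == "__main__":
    # Constructed sample message and addresses (documentation ranges).
    sample = "From: News <news@example.net>\nSubject: Hello\n\nbody\n"
    gl = PostDataGreylist(header_whitelist=["partner@example.org"])
    print(gl.check("192.0.2.10", "bounce@example.net", "user@example.com", sample))
```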