On Thu, 2009-06-11 at 13:41 +0100, Ian P. Christian wrote: > 2009/6/8 David Woodhouse <dw...@infradead.org>: > > I'd suggest reading http://wiki.exim.org/SimpleGreylisting -- the prose > > sets out some things that you may want to think about regardless of > > which greylisting implementation you use, and then there's an example > > Exim configuration which shouldn't suffer most of the stupid problems > > that postgrey does. > > There's actually a flaw in this implementation here.
Er, thanks for dropping me from Cc when you criticize my work...! :) > # Generate a hashed 'identity' for the mail, as described above. > warn set acl_m_greyident = > ${hash{20}{62}{$sender_address$recipients$h_message-id:}} > > Because it's common at the moment to get a mail to someone sent from > their own address without a message ID, hash clashes occour. Yeah, at the time I first implemented this I was just rejecting all mail without a Message-Id, so it wasn't much of an issue. > I'm currently not sure of the best way to deal with this - perahps > adding the Subject line into the hash... That seems like it would be a reasonable thing to do. Is it enough, though? A lot of spam messages have the same subject line too. What else could we include -- bearing in mind that we have to be sure that it _won't_ get changed by the sending MTA between retry attempts. I suppose we could use the full From:, To: and Cc: headers -- and maybe also the Date: header? > Perhaps I should just block mail sent from someone, to themselves, > with a null message ID. You could use PRVS and just reject _all_ mail which is faked to appear as if it's from your own addresses, surely? -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/