> From: Roland Pope > Sent: Monday, January 09, 2006 5:50 PM > > One idea I had was to try and create a whitelist entry in the > database for > emails sent from within my network to customers, to try and reduce delays > for initial replies from said customers. > > Ie. When one of my users sends an email from [EMAIL PROTECTED] to > [EMAIL PROTECTED], I lookup custnet.com in DNS, get the IP's of the > highest priority MX's and create a whitelist entry so that it > decreases the > chance that a reply from [EMAIL PROTECTED] to [EMAIL PROTECTED] gets > delayed by the greylist code.
Others have mentioned possible problems with this approach. I'll add one more: viruses. If one of the client PC's on your network gets hit with a virus then it may try to send mail to every address in the user's address book; presumably many of those addresses will be for clients. You might catch many of those virus initiated e-mails via a virus scanner. However, many installations don't scan outgoing messages for viruses (we don't), so they won't be caught in this fashion. Q: As a matter of best practice should we be scanning outgoing messages for viruses, and rejecting them? A couple of ideas on the incoming side: 1. RDNS the sending relay, and match the domain name against a list of domain names of customers, which might be found by saving outbound domains as you describe above (with the caveats as described also). 2. Something I've toyed with: _if_ the sending relay supports SPF and the SPF validates - accept the mail unconditiionally and don't greylist it. You might need to run another milter for validation, or adapt some Perl code to the task. There may be other validation methods (HABEAS, etc) that work here. 3. Match the sender's mail address domain to the RDNS domain. If they match, let the mail through without tempfailing (this is weaker than SPF, so must be done after the SPF check). To catch some of the cases where a spammer hijack's a legitimate user's PC, and sends mail as that user (haven't seen this, except for viruses, but it seems possible), perhaps it is a good idea to _always_ tempfail messages with many recipient addresses? _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
