On Tue, 2004-08-03 at 14:46, Steve Prior wrote: > I was thinking of a combination of SpamAssassin and greylisting where > once SpamAssassin processed an email and flagged it as spam, the IP > address of the received from as well as the subject of the email > would be added to a list. The list would be aged somehow. > > Here's my idea for processing: > When delivery of any new email was attempted, the default would be to > not greylist it. However, if the received from IP is on the list OR > if the words in the subject line are some percent similar to a line > in the list, then it gets greylisted. Anything that gets through the > greylisting then goes through SpamAssassin. > > My thinking is that this should have a REALLY low number of hams > delayed by greylisting, but I'm seeing a lot of repetition in > the spam I'm currently getting. > > Has anyone already implemented something like this? > > Steve
One of the nice things about greylisting is you don't receive the data portion of the message. (at least in most implementations). All you get is the IP address of the MTA, sender, and recipient. That information forms a tuple that is stored in the database. The remote MTA is then told to come back later. Currently you can set this to just a few minutes. Most legit MTAs will retry within 5 minutes or so. As such most legit email that has not already been whitelisted will not be delayed very long. I was also seeing spam with multiple random guessed recipients. Greylisting has eliminated those as well as 98 to 99% of the spam I was getting. The rest spamassassin handles. I don't think the email server has been idle like this in a long time. :) -- Scot L. Harris [EMAIL PROTECTED] Down with categorical imperative!
