It would be fun to take greylisting one step farther than having a
built in white list. It should also have a built in black list that
leads the greylist tool to become a tarpit toy. This would be engaged
automatically if the email is to a nonexistent address within the
domain or nonexistent users.
{^_-}
----- Original Message -----
From: "Steve Prior" <[EMAIL PROTECTED]>
> Lately I've been noticing that while the amount of spam that gets
> through SpamAssasin hasn't been too much, the number of entries in my
> spam folder has doubled or tripled in recent weeks. One spammer I'd
> especially like to make cry is Casino Zeal which keeps spamming and
> spamming, almost never gets through to my Inbox, but wastes my bandwidth.
> I have and like having a wildcard address for my domain, but recently
> I'm seeing spam sent to one made up address at my domain cc'ed to a list
> of made up addresses at my domain, so I see lots of copies of the same
spam!
>
> I was thinking of a combination of SpamAssassin and greylisting where
> once SpamAssassin processed an email and flagged it as spam, the IP
> address of the received from as well as the subject of the email
> would be added to a list. The list would be aged somehow.
>
> Here's my idea for processing:
> When delivery of any new email was attempted, the default would be to
> not greylist it. However, if the received from IP is on the list OR
> if the words in the subject line are some percent similar to a line
> in the list, then it gets greylisted. Anything that gets through the
> greylisting then goes through SpamAssassin.
>
> My thinking is that this should have a REALLY low number of hams
> delayed by greylisting, but I'm seeing a lot of repetition in
> the spam I'm currently getting.
>
> Has anyone already implemented something like this?
>
> Steve
>
> Marc Kool wrote:
>
> > greylisting has a small drawback, the delay.
> > After implementation I watched it closely and in my case all
> > legitimate servers sent the message again after 6 minutes or so.
> >
> > The greylisting for postfix that I use (www.postgrey.org) has a
whitelist
> > so if you have 24x7 service contract with company ABC and might
> > need to receive *urgent* mails from them, you can whitelist them.
> >
> > -Marc
