Davide D'AMICO wrote: > 2008/9/7 Eric Shubert <[EMAIL PROTECTED]>: >> I think I can field this one. ;) >> >> Davide D'AMICO wrote: >>> 1) Isn't more useful to graylist senders using their ip address rather >>> than only its >>> email address, like this: >>> /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ? >> Some large (think yahoo, gmail) mailers use server pools. Retries might be >> sent from a different server, causing a message to be graylisted many times. >> >> Personally, I think it'd be ok to use IPs for a type of whitelist after the >> IP has passed graylisting. After all, once an IP has passed for one >> domain/sender, wouldn't it pass for all other domain/senders too? However, >> this adds another level of complexity (a pre- and a passed- gray list, >> sometimes referred to as a dual key). If this proved to be a good method, a >> global whitelist service based on the post-key (simply IP address), sort of >> like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued >> such a thing or not. Seems feasible to me though. > You are right, but server pools are well known (gmail, yahoo, msn and others) > and could be easily discovered and included in a whitelist.
Yes, but they change, so you'd need some sort of maintenance procedure to keep them up to date. It's a slow moving target, but far from being fixed. Adding a manual maintenance burden is bad. If it were automated though, that'd be ok. > A spammer tends to use only an IP address or few ip addresses, so > using a graylist > method with single ip addresses could improve security. How would it "improve security"? Needs explanation. -- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
