Actually, this isn't a bad idea, it just won't work with spamdyke. As I understand it, you want to use a successful graylist entry as evidence that the sending server is legitimate. For example, once a message from gmail.com has passed the graylist, there's no point in graylisting all of its future messages because obviously the server will retry and eventually pass the filter. Always enforcing the graylist seems like a waste of time and resources.
Unfortunately, when spamdyke creates a graylist entry, it only looks at the sender's and recipient's email addresses. It doesn't look at the sending server's name or IP address. So, if a message is received from an aol.com mail server, from an aol.com email address, it will pass the graylist filter because AOL uses real mail servers that retry deliveries. However, if a spambot on a cable modem sends a message from a different aol.com address, the graylist filter could stop it because the spambot won't retry the delivery. Just because both messages appear to come from aol.com addresses is irrelevant. The sending server is what's important.

Even if spamdyke checked the sending server's IP address, you still want graylisting to always take place. Imagine a scenario where a business hosts their own email in-house, using an Exchange server behind a NAT firewall. All connections to spamdyke, whether they are from the Exchange server or the virus-infected Windows workstations, will appear to come from the same IP address. The Exchange server will always pass the graylist filter but the infected PCs won't.

A little background: spamdyke doesn't consider the sending server's IP address when graylisting because large mail hosts (e.g. GMail, AOL, Yahoo!) use multiple outbound SMTP servers. When a user sends a message, server A will attempt to deliver it, get graylisted and put the message back in the queue. Later, server B might retry the delivery and get graylisted again. In that situation, a message could easily bounce before it passed graylisting.

-- Sam Clippinger

mrxxxmryyy wrote:
> Hello,
>
>> You must be either hosting couple of user accounts only or
>> you had never spent a second reading your servers' logs.
>
> I'm not sure if it matters as far as my idea is concerned.
>
>> Example below, just randomly-picked machine I have, today's log
>> (and I see thousands of this shit daily; replaced target,
>> legitimate domain with @x, but it does not really matter):
>
> I'm afraid it has nothing to do with the idea. To make it simple
> again: John and George have email accounts on my server. Jane (who
> has an email account on some server, not mine) sends an email to John.
> Since it is a legitimate email it is passed after graylisting.
>
> OK, and now the clue. There's next email from Jane. It is to George,
> and this is _the_only_ difference from email number 1 to John (so it
> would be passed if it was to John, however it is to George so it isn't
> passed because it's graylisted first).
>
> So, if email no. 1 has been passed and now Spamdyke remembers that
> every email from Jane (sender, IP, etc.) to John should be accepted
> for given time without graylisting it, why not make use of this and not
> to apply this rule for mail from Jane to George?
>
> _______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
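
Added example, not part of the original message and not spamdyke's code: a simplified Python model of the graylist keys discussed above, replaying constructed traffic for the multiple-outbound-server case and the NAT case. The two IP-based key functions, the 300-second retry window and all addresses are assumptions made for illustration.

```python
# Simplified graylist model (added example; not spamdyke's implementation).
MIN_RETRY_SECS = 300  # assumed minimum wait before a retry is accepted


def by_address_pair(ip, sender, rcpt):
    """Key described in the message: sender and recipient addresses only."""
    return (sender, rcpt)


def by_ip_and_pair(ip, sender, rcpt):
    """Hypothetical variant that also keys on the connecting IP."""
    return (ip, sender, rcpt)


def by_ip_only(ip, sender, rcpt):
    """Hypothetical variant: once an IP has passed, the IP is exempt."""
    return ip


class Graylist:
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.first_seen = {}  # graylist key -> time of first attempt

    def attempt(self, now, ip, sender, rcpt):
        """Return True to accept, False for a temporary rejection."""
        key = self.key_fn(ip, sender, rcpt)
        seen = self.first_seen.setdefault(key, now)
        return now - seen >= MIN_RETRY_SECS


def replay(key_fn, attempts):
    """Replay (time, ip, sender, rcpt) attempts; list accept/defer results."""
    graylist = Graylist(key_fn)
    return [graylist.attempt(*a) for a in attempts]


# Constructed traffic: documentation IP ranges and example domains.
MULTI_SERVER = [  # one message, retried from a second outbound server
    (0, "192.0.2.10", "jane@bighost.example", "john@x.example"),
    (600, "192.0.2.11", "jane@bighost.example", "john@x.example"),
]
NAT_SITE = [  # mail server and an infected PC share one public IP
    (0, "198.51.100.7", "boss@corp.example", "john@x.example"),
    (600, "198.51.100.7", "boss@corp.example", "john@x.example"),
    (700, "198.51.100.7", "forged@aol.example", "george@x.example"),
]

if __name__ == "__main__":
    for name, fn in [("pair", by_address_pair), ("ip+pair", by_ip_and_pair),
                     ("ip", by_ip_only)]:
        print(name, replay(fn, MULTI_SERVER), replay(fn, NAT_SITE))
```

The last NAT_SITE attempt is the one that never retries: keyed on the address pair it is deferred and therefore never delivered, while a key that exempts the IP after one pass accepts it immediately.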
