On Thu, 29 Nov 2012, David F. Skoll wrote:

> On Thu, 29 Nov 2012 21:27:19 +0100
> "Andrzej A. Filip" <andrzej.fi...@gmail.com> wrote:
>
>> Do you treat "yahoo like" spam sources in the same way?
>
> With respect to greylisting, of course. If a machine passes greylisting
> once, it's extremely likely to pass it in future and it's an utter waste
> of time to greylist it.

Modulo spamvertised URIs and spam checksums sent via such hosts,
particularly if they are freemail.

Filtering out the spambots who don't retry (and as trivial as that is to
defeat, a large amount still gets blocked by this in my experience) is not
the _only_ reason to greylist. Giving the URIBLs a chance to list a new
URI and the checksum services a chance to recognize a new body are also
benefits of greylisting. (But, as you said, you don't take advantage of
those tools.)

Also, greylisting generally keys on host+sender, not just host.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
26 days until Christmas
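
Added example, not part of the original message or of any mail filter's own code: a minimal in-memory greylist replayed over constructed delivery attempts, comparing host-only keying with the host+sender keying mentioned above. The class and function names, the 300-second retry window, and the sample addresses are assumptions made for illustration.

```python
import time

class Greylist:
    """Minimal in-memory greylist; key_fn decides what counts as 'seen before'."""

    def __init__(self, key_fn, min_delay=300, clock=time.time):
        self.key_fn = key_fn        # maps (host, sender) to a lookup key
        self.min_delay = min_delay  # assumed retry window, in seconds
        self.clock = clock
        self.first_seen = {}        # key -> time of first attempt
        self.passed = set()         # keys that have completed one retry

    def check(self, host, sender):
        """Return 'accept' or 'tempfail' for one delivery attempt."""
        key = self.key_fn(host, sender)
        now = self.clock()
        if key in self.passed:
            return "accept"
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_delay:
            self.passed.add(key)
            return "accept"
        return "tempfail"

def by_host(host, sender):
    return host

def by_host_sender(host, sender):
    return (host, sender.lower())

# Constructed sample: (seconds, relay IP, envelope sender) from one freemail relay.
ATTEMPTS = [
    (0,    "192.0.2.10", "alice@freemail.example"),
    (600,  "192.0.2.10", "alice@freemail.example"),    # retry after the window
    (700,  "192.0.2.10", "newacct@freemail.example"),  # new sender, same relay
    (1400, "192.0.2.10", "newacct@freemail.example"),  # that sender's retry
]

def run(key_fn):
    """Replay ATTEMPTS through a fresh greylist using a simulated clock."""
    now = [0]
    gl = Greylist(key_fn, min_delay=300, clock=lambda: now[0])
    results = []
    for t, host, sender in ATTEMPTS:
        now[0] = t
        results.append(gl.check(host, sender))
    return results

if __name__ == "__main__":
    print("host only:  ", run(by_host))
    print("host+sender:", run(by_host_sender))
```

With host-only keying the new sender's first message is accepted with no delay once the relay has passed; with host+sender keying it is deferred, which is the interval in which a URIBL or checksum service can list the new content.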