[Mimedefang] Greylisting thoughts (was: greylisting stats)

Jonas Eckerman jonas_lists at frukt.org
Sat Dec 13 15:12:37 EST 2003


Some thoughts on greylists that might be of interest to others:

After reading my logs and looking at sender addresses I saw quite a lot of stuff like this:
sentto-12345-62624-424214-jonas_lists=truls.org at returns.groups.yahoo.com

Addresses with ever changing numbers (sometimes decimal, sometimes hexadecimal) in order to track bounces. My first reaction to this was to only check the domain of sender addresses in my greylisting, in order not to delay every single mail sent from a number of mailing lists, but some more thoughts made me change that to this:

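	# Split the address $a into user part ($au) and domain part ($ad).
	my $au = $a;
	my $ad = $a;
	$ad =~ s/.*@([^@]*)$/$1/;
	$au =~ s/@[^@]*$//;
[...]
		# Strip everything after a "+", but only if something precedes it.
		$au =~ s/(.+)\+.*$/$1/;
		my $aut;
		my $autt = $au;
		# Replace each delimited decimal/hex token containing a digit with "#",
		# one token per pass, until nothing changes.
		do {
			$aut = $autt;
			$autt =~ s/^(|.*[^a-z0-9])[a-f0-9]*\d[a-f0-9]*(|[^a-z0-9].*)$/$1#$2/;
		} until ($autt eq $aut);
		# Keep the original user part if no letter or digit would remain.
		$au = $aut if ($aut =~ /[a-z0-9]/);
[...]
	return greylist_strip($au."@".$ad);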

$au above is the user part of the address (and of course there's actually more code around and in between). I do this on both sender and recipient.

This takes care of two things:

1: numbers will be replaced with #, but not if the whole user part consists of numbers. So
"kalle_12124e6a at nisse.org" becomes "kalle_#@nisse.org"
but
"244ae-146ea at svenne.se" will be unchanged.

2: Stuff after a + is stripped, if there is anything before the +. This is because lots of systems (including some of ours) allow a kind of parameters after a + in the user part, meaning only the stuff before the + is actually important for determining which user receives the mail. So
"kalle+lists at nisse.org" becomes "kalle at nisse.org"
but
"+urban at svenne.se" will be unchanged.

Of course, this stuff is only for creating greylist triplets. :-)

Regards
/Jonas

-- 
Jonas Eckerman, jonas at truls.org
http://www.truls.org/
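
The two rules described in the message above, as a self-contained script; this is an added example, not code from the original post or from MIMEDefang. The names greylist_normalize and triplet_key are hypothetical, lowercasing and angle-bracket stripping are assumptions, and the sample mail data is constructed.

```perl
use strict;
use warnings;

# Build the greylist form of one address (used for the triplet key only).
# Assumptions: lowercase first, because the pattern only matches a-z; strip <>.
sub greylist_normalize {
    my ($addr) = @_;
    $addr = lc $addr;
    $addr =~ s/^<(.*)>$/$1/;                              # SMTP angle brackets
    return $addr unless $addr =~ /^(.*)\@([^\@]*)$/;      # e.g. null sender
    my ($user, $domain) = ($1, $2);

    # Rule 2: strip "+detail", but only if something precedes the "+".
    $user =~ s/(.+)\+.*$/$1/;

    # Rule 1: replace each delimited decimal/hex token holding a digit with "#".
    my ($prev, $cur) = ('', $user);
    do {
        $prev = $cur;
        $cur =~ s/^(|.*[^a-z0-9])[a-f0-9]*\d[a-f0-9]*(|[^a-z0-9].*)$/$1#$2/;
    } until ($cur eq $prev);

    # Keep the original user part if no letter or digit would be left.
    $user = $cur if $cur =~ /[a-z0-9]/;
    return "$user\@$domain";
}

# Triplet key: relay IP plus normalized sender and recipient.
sub triplet_key {
    my ($ip, $sender, $rcpt) = @_;
    return join '|', $ip, greylist_normalize($sender), greylist_normalize($rcpt);
}

# Constructed sample input: relay IP, envelope sender, envelope recipient.
my @mail = (
    ['192.0.2.10', '<sentto-12345-62624-424214-jonas_lists=truls.org@returns.groups.yahoo.com>', '<jonas_lists@truls.org>'],
    ['192.0.2.10', '<sentto-12345-70011-9f3a2c-jonas_lists=truls.org@returns.groups.yahoo.com>', '<jonas_lists@truls.org>'],
    ['192.0.2.20', '<kalle+lists@nisse.org>', '<kalle_12124e6a@nisse.org>'],
    ['192.0.2.20', '<244ae-146ea@svenne.se>', '<+urban@svenne.se>'],
    ['192.0.2.30', '<>', '<user2003@nisse.org>'],
);

my %seen;
for my $m (@mail) {
    my $key = triplet_key(@$m);
    printf "%-5s %s\n", ($seen{$key}++ ? 'KNOWN' : 'NEW'), $key;
}
```

The two list messages differ only in their bounce-tracking tokens and collapse to one triplet, so the second is not delayed again. Normalization widens what one greylist entry covers, which is why the relay IP stays part of the key.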