[Mimedefang] Greylisting is GREY-ATE

Jonas Eckerman jonas_lists at frukt.org
Wed Dec 31 16:36:54 EST 2003


On Sun, 28 Dec 2003 01:59:00 -0600, Steven Rocha wrote:

>  WOW!!!  This is about all I can say.

Agreed. :-)

>  their installations.  I have looked at Jonas' greylisting
>  implementation but I could not get around the O_EXLOCK flag, YET!  

I don't think that'd be too hard. I think David uses the more portable method with a lock file in his code. That method should work fine with my code as well.

OTOH, it shouldn't be too hard extending David's code and giving it some of the features from my code either. Especially my handling of from addresses and IP-octets (in order to let mails from mailing lists and server parks through) should be easy to just copy to his implementation.


>  Also, should I be worried about any pitfalls of the basic
>  implementation by David.

If David's implementation isn't prepared for future changes, you might want to do something similar to the way I store the data as you are already planning to add features. Note that I don't remember how he stores stuff in the database, so this might well be taken care of already.

I've deliberately decided on storing the stuff in a way that allows for future expansions and/or changes. That's why I prefix the keys with "I:" (it allows me to change the format or use the database for other stuff just by prefixing the new stuff with something else), and why I store the actual data as a semicolon-separated string (it allows me to add other fields to the data without having to change a lot of code and/or rebuilding the database). Examples of why I think this is useful follow below.

Note: The ideas below are not mine, I read them on this list.

For example I'm thinking of checking how many times a host has retried before the black period has ended. Some hosts retry about once a minute, which I'd like to punish with a slight extra delay. Some (few) hosts retry as fast as they can (the worst I've seen waited between 1 and 8 seconds between each retry, even after it got a permanent error), which I'd like to punish with a longer blacklisting (measured in days or weeks rather than seconds or minutes). I could do this without changing much, adding a new field to the end of each new entry in the database.

I'm also considering storing other stuff as well. For example I'm thinking of blacklisting any host that retries a mail more than "x" times after it was rejected with a permanent failure. This blacklist would also be time limited for about the same time as for the evil speed-retriers above. My greylist database can be used for this, with a new key-prefix. This would, however, require that either the actual message or rather a hash of it (excluding headers maybe) is stored, which requires more resources, so I'm not sure whether this'd be worth it or not.

Ah, yes. And I'm having vague thoughts of implementing the relaydb-stuff directly in mimedefang-filter instead of calling an external application. If I actually do this, I can use the same database as for the greylist.

Note: I have no idea if or when I actually do the above stuff. I'm quite busy with other projects as it is.

Regards
/Jonas
-- 
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/
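
The storage scheme described in the message above (prefixed keys, semicolon-separated values, a retry counter appended as a new field), sketched as an added example; this is not Jonas's or David's code. The field names, the key layout after "I:", the "B:" prefix and all thresholds are assumptions made for illustration, and a plain hash stands in for the database file.

```perl
use strict;
use warnings;
# Constructed values for this example, not taken from the post.
my $BLACK_PERIOD = 300;          # seconds before a retry is accepted
my $FAST_RETRY   = 10;           # mean retry gap that earns a long blacklist
my $EAGER_RETRY  = 90;           # mean retry gap that earns an extra delay
my $BLACKLIST    = 7 * 86400;    # "days or weeks rather than seconds"
# Assumed field order; new fields are only appended, so old records still parse.
my @FIELDS = qw(first_seen last_seen retries);
my %db;    # stands in for the on-disk database file

sub get_entry {
    my ($key) = @_;
    return unless defined $db{$key};
    my @v = split /;/, $db{$key}, -1;
    return { map { ($FIELDS[$_], $v[$_] // 0) } 0 .. $#FIELDS };   # missing field reads as 0
}
sub put_entry {
    my ($key, $e) = @_;
    $db{$key} = join ';', map { $e->{$_} } @FIELDS;
}

# Returns 'blacklisted', 'accept', 'tempfail' or 'tempfail_extra_delay'.
sub check_attempt {
    my ($ip, $from, $to, $now) = @_;
    my $until = $db{"B:$ip"};    # second record type, kept apart by its own prefix
    return 'blacklisted' if defined $until && $now < $until;
    my $key = "I:$ip;$from;$to";
    my $e   = get_entry($key);
    if (!$e) {
        put_entry($key, { first_seen => $now, last_seen => $now, retries => 0 });
        return 'tempfail';
    }
    return 'accept' if $now - $e->{first_seen} >= $BLACK_PERIOD;
    # Retry arrived inside the black period: count it and look at the pace.
    @$e{qw(retries last_seen)} = ($e->{retries} + 1, $now);
    put_entry($key, $e);
    my $mean_gap = ($now - $e->{first_seen}) / $e->{retries};
    if ($mean_gap <= $FAST_RETRY && $e->{retries} >= 5) {
        $db{"B:$ip"} = $now + $BLACKLIST;
        return 'blacklisted';
    }
    return $mean_gap <= $EAGER_RETRY ? 'tempfail_extra_delay' : 'tempfail';
}

# Constructed data: a record in an older two-field layout, then a fast retrier.
$db{'I:192.0.2.7;a@example.org;b@example.net'} = '1000;1000';
print check_attempt('192.0.2.7', 'a@example.org', 'b@example.net', 1200), "\n";
print check_attempt('198.51.100.9', 'x@example.org', 'y@example.net', 2000 + 4 * $_), "\n"
    for 0 .. 5;
```

The two-field record is read without a rebuild because the absent retry counter defaults to zero, and the blacklist entry shares the database without colliding with greylist keys.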



