brainstorming this topic: Re: [Mimedefang] Spam with more than one recipient - reject or not?

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Wed Sep 7 02:39:53 EDT 2005


On Tue, 6 Sep 2005, Wesley Peters wrote:

While writing the former reply, an idea developed; it tries to extend 
greylisting:

Consider a message for multiple recipients, some do like it, some do not.

+ During filter_end() you score why the recipients don't like it (e.g. 
some reasons might not be appropriate for this idea); then you save the 
pair (envelope sender, envelope recipient) into a database.

+ The whole message is tempfailed.

+ When a message arrives, you check in filter_recipient() whether the DB 
contains the pair (sender, recipient); if so, the recipient is tempfailed.

+ The database entries are deleted after, say, one hour.

+ Eventually, within the grace time of 1h, the message with the mixed 
recipients is retried; the recipients who don't like the message get 
tempfailed, the others pass.

+ When the message is retried again after the grace time, all recipients 
don't like the mail and it is bounced.

The basic idea is to assume that a sender will send SPAM the next time, 
too.

This assumption is also the weak point because of all the faked sender 
addresses. There will be well-known senders that, when arriving from 
certain hosts, are mostly not SPAM, so they can be exempted from this 
technique.

There will be several scenarios that make this technique cumbersome, 
because it is possible that a mail gets tempfailed forever without being 
scanned at all.

E.g.:

+ Mail A of faked sender S arrives and has multiple recipients; recipient R 
doesn't like the message; the pair (S, R) is stored into the DB.

+ Mail B arrives from real sender S to R (single recipient) within grace 
time. But it is tempfailed. You don't know whether this message has one 
or more recipients, hence you must honor the DB any time.

--> When message A is never retried _within_ the grace time, it will 
be tempfailed forever and possibly prevent scanning and delivery of Mail B 
that way.

Does anybody have an idea to eliminate the weak points?

Bye,

-- 
Steffen Kaiser
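
The scheme described in the message above, modelled as a small state machine (an added example, not part of the original post and not MIMEDefang filter code). The method names are borrowed from the post, the `dislikes` set stands in for whatever the content scan decides, and the addresses are constructed.

```python
GRACE = 3600  # seconds: the "say, one hour" grace time from the post

class PairStore:
    """Toy model of the proposed (envelope sender, envelope recipient) DB."""
    def __init__(self):
        self.pairs = {}  # (sender, rcpt) -> expiry timestamp

    def filter_recipient(self, sender, rcpt, now):
        # RCPT stage: an unexpired pair tempfails this recipient unscanned.
        expiry = self.pairs.get((sender, rcpt))
        if expiry is not None and now < expiry:
            return "TEMPFAIL"
        self.pairs.pop((sender, rcpt), None)  # entry absent or expired
        return "CONTINUE"

    def filter_end(self, sender, accepted, dislikes, now):
        # End of message: only recipients that passed RCPT are considered.
        bad = [r for r in accepted if r in dislikes]
        if not bad:
            return "ACCEPT"
        if len(bad) == len(accepted):
            return "REJECT"  # every remaining recipient dislikes it: bounce
        for r in bad:        # mixed: remember the pairs, tempfail the message
            self.pairs[(sender, r)] = now + GRACE
        return "TEMPFAIL"

    def transaction(self, sender, rcpts, dislikes, now):
        # One SMTP transaction: (per-recipient RCPT results, final verdict).
        rcpt = {r: self.filter_recipient(sender, r, now) for r in rcpts}
        accepted = [r for r in rcpts if rcpt[r] == "CONTINUE"]
        if not accepted:
            return rcpt, "NOT_SCANNED"  # no DATA stage, content never checked
        return rcpt, self.filter_end(sender, accepted, dislikes, now)

def intended_flow():
    db, s = PairStore(), "s@example.org"  # constructed addresses
    first = db.transaction(s, ["r1", "r2"], {"r2"}, now=0)
    retry = db.transaction(s, ["r1", "r2"], {"r2"}, now=600)
    late = db.transaction(s, ["r2"], {"r2"}, now=4000)
    return first[1], retry[1], late[1]

def forged_sender_case():
    db, s = PairStore(), "s@example.org"
    db.transaction(s, ["r1", "r2"], {"r2"}, now=0)    # mail A, forged S
    return db.transaction(s, ["r2"], set(), now=300)  # mail B, genuine S

if __name__ == "__main__":
    print(intended_flow(), forged_sender_case())
```

The second function reproduces the Mail A / Mail B case: B is refused at the RCPT stage on the strength of A's stored pair, so its content is never looked at.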


