[Mimedefang] greylisting does it still work?

David F. Skoll dfs at roaringpenguin.com
Wed Apr 18 08:59:20 EDT 2007


ADNET Ghislain wrote:

> if greylisting use a policy based on a server able to resend email,
> could it be done in the helo phase as the source ip of the sending
> server should be enough to greylist it.

It's much more effective to use (source_ip, envelope_sender,
envelope_recipient) -- otherwise, a zombie that's spewing spam will
be greylisted for the first recipient only, and everything else will
get through.

In our commercial product, we have noticed that ratware is taking
specific anti-greylisting measures, retrying 5 times, 5-15 minutes
apart each time .  However, the ratware mutates the message, so we are
modifying our greylist tuple to be (source_ip, envelope_sender,
envelope_recipient, message_subject)

Regards,

David.



More information about the MIMEDefang mailing list