[Mimedefang] greylisting does it still work?
David F. Skoll
dfs at roaringpenguin.com
Wed Apr 18 09:26:54 EDT 2007
Jeff Rife wrote:
>> In our commercial product, we have noticed that ratware is taking
>> specific anti-greylisting measures, retrying 5 times, 5-15 minutes
>> apart each time . However, the ratware mutates the message, so we are
>> modifying our greylist tuple to be (source_ip, envelope_sender,
>> envelope_recipient, message_subject)
> Do you have any extra problems with mailing lists or similar automated
> (but legitimate) systems with this approach?
Not so far. Mailing list software doesn't mutate the subject when
it retries, and we have code to work around some mailing list software
that mutates the sender address on each retry.
A very important part of our greylisting mechanism is that once a host
*does* pass the greylisting threshold, we turn off greylisting for that
host for 40 days. (The theory is, if it passed greylisting once, it will
pass it in future.) That really helps keep delays down.
Regards,
David.
More information about the MIMEDefang
mailing list