[Mimedefang] greylisting does it still work?

Jonas Eckerman jonas_lists at frukt.org
Wed Apr 18 07:38:10 EDT 2007


Jeff Rife wrote:

[About tempfailing previously unseen hosts...]

> I can't see how this will stop anything more than greylisting by 
> itself.

It doesn't. What it does is stop connections from many zombies 
and virus infected machines in a much earlier stage than the 
normal greylist.

Since my normal greylist tempfails after DATA, this makes a 
difference.

> If a host retries this just means they would have to try 3 times.

A previously unseen host, yes. Unless it is exempted.

> host doesn't retry, then greylisting by itself would weed them out, 
> although you would have to run filter_helo, _sender, and _recipient, 
> but those aren't generally expensive.

I would also have to actually receive the whole mail, wich is 
expensive.

This is done because some braindead mail servers doesn't (or 
didn't) understand tempfails as answers to RCPT.

Also, filter_recipient will contact (through SMTP) the storing 
servers (one of wich isn't on our LAN) to verify each recipient. 
While not as expensive as virus checks and SA, it isn't really 
cheap either.

Regards
/Jonas

-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/




More information about the MIMEDefang mailing list