[Mimedefang] Greylisting a relay/email
David F. Skoll
dfs at roaringpenguin.com
Thu Aug 9 21:52:38 EDT 2007
Oliver Schulze L. wrote:
> My question is about identifying the email and about greylisting a relay or
> only a unique email comming from that relay.
We greylist individual e-mails. However, when a given IP address
passes the greylisting test, we don't bother greylisting mail from that
IP address for 40 days. After all, if the machine correctly retried
once, it will probably retry all the time and greylisting it will gain us
nothing (and annoy the admin of the machine.)
> Also, I was thinking of using this info to uniquely identify and email:
> subject, size, from, recipients, relay_ip
Be careful about "size". That might change between retries, believe
it or not.
> Doing a md5 sum of the entire email will help? Or will load the
> server too much? I have done some md5 test and it can indeed
> identify the same email, no header modification is done in the
> remote server, but maybe botnets can change header info.
Lotus Notes definitely changes the MIME boundary on *each* retry, which
will break the MD5 approach. Our commercial product (CanIt) uses a hash
to uniquely identify messages, and it took a few tries to get a hash
that works reliably in the face of certain MTA stupidity...
More information about the MIMEDefang