[Mimedefang] Greylisting++

[Cormack, Ken]

> Well, we don't actually key directly off the 4-tuple.  We hash it
> using appropriate delimiters between the bits.  So we end up with
> something like:

> sha1_hex($sender . '<@>' . $recipient . '<@>' . $ip_address . '<@>' .
$subject)

> The advantages of keying off a hash are that you don't need to change
> your database schema if you throw something else into the mix and you
> don't need to worry about weird characters in the subject.

Agreed.  In my own greylisting function, I do something similar...

sub should_greylist ($$$)
{
  my ($sender, $recip, $ip) = @_;
  my %hash;
  my $time;
  my $count = 0;
  $sender = canonicalize_email ($sender);
  $recip  = canonicalize_email ($recip);
  my $key = "<$ip><$sender><$recip>";
  ::snip::

My sub canonicalize_email strips the smtp addresses of any angle-brackets
and converts them to lower-case, and sub normalize_subject gets rid of any
unpredictable characters in the subject-line (and also converts everything
to lowercase).  So everything going into my "key" is pretty clean, and I
recycle angle-brackets as my own field delimiters.

It'll be easy to pass a fourth parameter ($Subject), and modify the above to
look more like this:

  my ($sender, $recip, $ip, $subject) = @_;
  ::snip::

  $subject = normalize_subject ($subject);
  my $key = "<$ip><$sender><$recip><$subject>";
  ::snip::

Ken