Hello exim-users,
I would like to discuss the following idea:
Usually a greylisting triplet consists of:
(IP address of the connecting host || Envelope sender address || Envelope
recipient address)
Once a message passes the greylisting, it is assumed that this (sender+host)
can be "trusted" for a specific recipient. But with multiple sender IPs for the
same sender address, the same sender will be greylisted again, when sending
from a different IP (e.g. Google).
As far as I know, there is no solution for that problem.
What about this:
deny spf = fail
deny spf = softfail
deny spf = err_perm
defer spf = err_temp
...
# now we only have to deal with spf = pass or none
...
greylisting (on condition X) using quadtuple: (IP address of the connecting
host || Envelope sender address || Envelope recipient address || SPF entry)
Whereas the SPF entry could be sth like: ${lookup dnsdb{>:
txt=$sender_address_domain}}, or even better, give exim a new
$spf_stored_record variable that stores the content of the txt/spf record after
the check is done. (a more advanced lookup would be better too. Additionally,
one should be able to look up spf records, not just txt!
http://www.exim.org/lurker/message/20090715.100550.553ea233.en.html)
That way, we can ask:
"If spf=none, do lookup as usual", otherwise add to database ...
"If SPF/TXT record of new message is already in greylist database and passed it
once with sender-address-from-db=new-message-sender-address, we accept",
otherwise add to database ...
Because we denied failed spf checks earlier, we can be sure that the spf
entries in our database are genuine. Using the above method, we reward senders
that publish spf records and treat others just as usual.
Probably, the gain is very small and the loss in performance does not justify
it. (Perhaps, it makes sense if we have a very selective greylisting and small
greylisting database)
Just an idea ...
Cheers,
Vincent
PS: I assume a greylisting setup like this one, not a separate greylisting
daemon: http://wiki.exim.org/FastGrayListMiniTutorial
PPS: The referenced wiki entry does not implement greylisting as it is
intended. It stores _only_ the sender's domain instead of the complete sender's
address. Additionally, multiple IPs are not possible. IMHO this is not what
most greylisting people want!
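
The decision logic proposed in the message above, modelled as an added example (not code from the original post and not Exim configuration). The in-memory store, the 300-second delay, the class and function names, and all addresses and the SPF record are assumptions made for illustration; as in the post's rule, the shortcut matches on sender address and SPF record only.

```python
import time

GREYLIST_DELAY = 300  # seconds a new entry must wait (constructed value)

class SpfGreylist:
    """In-memory model of the proposed greylist (the post names no storage)."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # quadtuple -> time of first attempt
        self.passed = set()   # quadtuples that survived the delay

    def check(self, ip, sender, rcpt, spf_result, spf_record=None, now=None):
        """Return 'deny', 'defer' or 'accept' for one recipient."""
        now = time.time() if now is None else now
        # SPF gate from the post: only pass/none reach the greylist.
        if spf_result in ("fail", "softfail", "err_perm"):
            return "deny"
        if spf_result == "err_temp":
            return "defer"
        # With spf=none there is no record, so the key is the usual triplet.
        record = spf_record if spf_result == "pass" else None
        key = (ip, sender, rcpt, record)
        # Proposed shortcut: this sender already passed once with this record.
        if record is not None and any(
            s == sender and r == record for (_, s, _, r) in self.passed
        ):
            self.passed.add(key)
            return "accept"
        if key in self.passed:
            return "accept"
        # Classic greylisting: defer until the retry comes after the delay.
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            self.passed.add(key)
            return "accept"
        return "defer"

def demo():
    g = SpfGreylist()
    rec = "v=spf1 ip4:192.0.2.0/24 -all"  # constructed SPF record
    s, r = "alice@example.org", "bob@example.net"  # constructed addresses
    return [
        g.check("192.0.2.10", s, r, "pass", rec, now=0),    # first contact
        g.check("192.0.2.10", s, r, "pass", rec, now=600),  # retry after delay
        g.check("192.0.2.77", s, r, "pass", rec, now=700),  # second IP, same record
        g.check("198.51.100.5", s, r, "none", now=700),     # no SPF: plain triplet
    ]
```

Because the stored record is part of the key, a sender whose domain changes its SPF record is greylisted again, which is the behaviour the quadtuple implies.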