On Tue, 21 Jun 2005, Heinrich Rebehn ([EMAIL PROTECTED]) wrote:
Would it be possible to change this behaviour so that the whitelisting is
done as soon as the same sender/receiver pair is seen again, ignoring the
ip address? This could speed up things a bit.
Here is why that idea won't work, using a current output of an address
which gets a lot of spam (changed domain, obviously):
GREY:24.166.74.197:<[EMAIL PROTECTED]>:<[EMAIL
PROTECTED]>:1119344081:1119372881:1119372881:1:0
GREY:24.174.188.85:<[EMAIL PROTECTED]>:<[EMAIL
PROTECTED]>:1119344053:1119372853:1119372853:1:0
GREY:62.254.134.244:<[EMAIL PROTECTED]>:<[EMAIL
PROTECTED]>:1119344024:1119372824:1119372824:1:0
You'll see that whoever runs that botnet is using the same From/To for
their spam. spamd would be completely ineffectual if it ignored source
IP.
I spent several weeks massaging spamd for problems with mailer pools and
clueless MTA like Lotus Notes and Symantec AV gateways. It takes work,
just like anything else.
Steve