> -----Original Message-----
> From: Steve Kemp [mailto:st...@steve.org.uk]
> Sent: Sunday, August 30, 2009 6:31 PM
> To: Michael Papet
> Cc: qpsmtpd@perl.org
> Subject: Re: Newbie Plugin Advice
>
> On Sun Aug 30, 2009 at 17:22:43 -0700, Michael Papet wrote:
>
> > I've been modding other plugins and am scheming to write a plugin
> > that does the following.
> >
> > 1. mail passes the usual plugins tests
> > 2. Generate an MD5 signature on the body and title.
> > 3. Check for the md5 signature in a db. If it finds one, accept the mail.
> >    If it doesn't reject the mail.
> >
> > The general idea being, more legitimate mail will retry.
>
> Essentially the behaviour you're expecting is that:
>
> * Mail will be refused the first time it is delivered.
> * The mail will subsequently be accepted.
>
> Congratulations - you've reinvented greylisting:
>
> http://en.wikipedia.org/wiki/Greylisting
>
> Only your approach is a little more complex than the standard one.
>
> > A. Should I even bother? I'm not enough of an admin to know
> > if this would be a worthwhile endeavor. This may be exploited by
> > spammers already.
>
> I'd suggest not, and that the more basic and already written
> greylisting plugin would be the way to go if you want this
> behaviour.
>
> In my personal experience greylisting isn't as effective as it
> once was. In the past random compromised machines would fire off
> lots of SMTP connections and ignore errors. These days more of my
> spam comes from compromised machines that route via their ISPs - and so
> they are requeued a lot of the time.
>
> Still other people swear by the approach, so you might find it
> works for you.
>
> Steve

I would lean towards being slightly more positive about this approach (at least in the sense that I don't think it's unquestionably a complete waste of time).

You have indeed basically come up with a greylisting scheme, but the fact that it is content based may provide some value that typical sender based greylisting does not. For example it might give you a higher likelihood that URIBLs or content based systems like Cloudmark will catch a bad message with that delay. I have no idea if that will actually be true, or if the greylisting period will be long enough to be of benefit in that sense. It is certainly true that the percentage of mail that doesn't bother to retry continues to dwindle in my experience, so that benefit may be limited.

In essence I would say that both the biggest benefit and the largest drawback is that you would be deferring every piece of content, even from generally trustworthy sources like ISPs. My best guess is that the cost of slowing down all of your mail and the effort to maintain things like whitelists of sources you always trust and never want to defer will make this system untenable. But that is mostly a gut feeling.

If you do test out something like this, whether it works or not, I think a lot of people would be interested to know how it turns out and whether it impacts the effectiveness of anything else in your filtering stack.

Robert
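
The scheme discussed in this thread, modelled as an added example (not code from either message and not a qpsmtpd plugin): a content-keyed greylist that defers the first sighting of an MD5 over Subject and body and accepts a later retry. The class name, the `min_delay` period, the trusted-host list, the SQLite table, and the sample messages are all assumptions made for illustration.

```python
import hashlib
import sqlite3
from email import message_from_string

class ContentGreylist:
    """Defer the first sighting of a (Subject, body) signature; accept a retry."""

    def __init__(self, min_delay=300, trusted_hosts=()):
        self.min_delay = min_delay         # assumed greylisting period, in seconds
        self.trusted = set(trusted_hosts)  # assumed whitelist of never-deferred sources
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE seen (sig TEXT PRIMARY KEY, first_seen REAL)")

    @staticmethod
    def signature(raw_message):
        # Hash only Subject and body: Received headers change on every retry,
        # so hashing the whole message would never match a second attempt.
        text = raw_message.replace("\r\n", "\n")
        subject = (message_from_string(text).get("Subject") or "").strip()
        body = text.partition("\n\n")[2].strip()
        # MD5 as proposed in the thread; it is a lookup key here, not a security control.
        return hashlib.md5(f"{subject}\n{body}".encode("utf-8")).hexdigest()

    def check(self, raw_message, client_ip, now):
        """Return 'defer' (answer with a temporary failure so the sender retries) or 'accept'."""
        if client_ip in self.trusted:
            return "accept"
        sig = self.signature(raw_message)
        row = self.db.execute(
            "SELECT first_seen FROM seen WHERE sig = ?", (sig,)).fetchone()
        if row is None:
            self.db.execute("INSERT INTO seen VALUES (?, ?)", (sig, now))
            return "defer"
        # A retry inside the greylisting period is still deferred.
        return "accept" if now - row[0] >= self.min_delay else "defer"

# Constructed sample messages (not real mail).
FIRST = "Received: from a.example\nSubject: Quarterly report\n\nPlease see the figures.\n"
RETRY = FIRST.replace("a.example", "b.example")  # same content, different relay
```

Because the key is the content rather than the sender, a retry that arrives through a different relay still matches, and every new message from an untrusted source is delayed by at least `min_delay`, which is the cost raised in the reply above.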