Actually, this isn't a bad idea, it just won't work with spamdyke. As I
understand it, you want to use a successful graylist entry as evidence
that the sending server is legitimate. For example, once a message from
gmail.com has passed the graylist, there's no point in graylisting all
of its future messages because obviously the server will retry and
eventually pass the filter. Always enforcing the graylist seems like a
waste of time and resources.
Unfortunately, when spamdyke creates a graylist entry, it only looks at
the sender's and recipient's email addresses. It doesn't look at the
sending server's name or IP address. So, if a message is received from
an aol.com mail server, from an aol.com email address, it will pass the
graylist filter because AOL uses real mail servers that retry
deliveries. However, if a spambot on a cable modem sends a message from
a different aol.com address, the graylist filter could stop it because
the spambot won't retry the delivery. Just because both messages appear
to come from aol.com addresses is irrelevant. The sending server is
what's important.
Even if spamdyke checked the sending server's IP address, you still want
graylisting to always take place. Imagine a scenario where a business
hosts their own email in-house, using an Exchange server behind a NAT
firewall. All connections to spamdyke, whether they are from the
Exchange server or the virus-infected Windows workstations, will appear
to come from the same IP address. The Exchange server will always pass
the graylist filter but the infected PCs won't.
A little background: spamdyke doesn't consider the sending server's IP
address when graylisting because large mail hosts (e.g. GMail, AOL,
Yahoo!) use multiple outbound SMTP servers. When a user sends a
message, server A will attempt to deliver it, get graylisted and put the
message back in the queue. Later, server B might retry the delivery and
get graylisted again. In that situation, a message could easily bounce
before it passed graylisting.
-- Sam Clippinger
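The trade-offs described above, simulated in an added example (this is illustrative Python written for this page, not spamdyke's own code). It keys a toy graylist on the sender/recipient pair as spamdyke does, then shows what changes when the client IP is added to the key (a large host rotating outbound servers never passes) and when an IP is trusted once any message from it passes (an infected workstation behind the same NAT as a legitimate mail server is accepted). All addresses, IPs and the 300-second retry window are constructed values.

```python
from dataclasses import dataclass, field

# Seconds a sender must wait before a retry counts as a pass (constructed value).
MIN_RETRY_DELAY = 300


@dataclass
class Greylist:
    """Toy graylist.

    include_ip          -- add the client IP to the graylist key
    trust_ip_after_pass -- whitelist a client IP once any message from it passes
                           (the proposal discussed in the thread, modelled for comparison)
    """
    include_ip: bool = False
    trust_ip_after_pass: bool = False
    first_seen: dict = field(default_factory=dict)
    passed: set = field(default_factory=set)
    trusted_ips: set = field(default_factory=set)

    def _key(self, sender, recipient, ip):
        key = (sender.lower(), recipient.lower())
        return key + (ip,) if self.include_ip else key

    def decide(self, sender, recipient, ip, now):
        """Return 'ACCEPT' or 'DEFER' for one delivery attempt at time `now` (seconds)."""
        if ip in self.trusted_ips:
            return "ACCEPT"
        key = self._key(sender, recipient, ip)
        if key not in self.passed:
            # First sighting records the time and defers; a retry after the
            # delay passes the key. A client that never retries never passes.
            seen = self.first_seen.setdefault(key, now)
            if now - seen < MIN_RETRY_DELAY:
                return "DEFER"
            self.passed.add(key)
        if self.trust_ip_after_pass:
            self.trusted_ips.add(ip)
        return "ACCEPT"


def multi_server_scenario(include_ip):
    """A large host retries the same message from a different outbound server each time."""
    gl = Greylist(include_ip=include_ip)
    attempts = [("198.51.100.10", 0), ("198.51.100.11", 600), ("198.51.100.12", 1200)]
    return [gl.decide("user@gmail.example", "john@x.example", ip, t) for ip, t in attempts]


def spambot_scenario():
    """A real aol.example server retries and passes; a bot using another aol.example
    address from a cable modem sends once and never retries."""
    gl = Greylist()
    server = [gl.decide("alice@aol.example", "john@x.example", "203.0.113.5", t) for t in (0, 600)]
    bot = gl.decide("mallory@aol.example", "john@x.example", "192.0.2.77", 700)
    return server, bot


def nat_scenario():
    """An Exchange server and an infected workstation share one NAT address."""
    gl = Greylist(trust_ip_after_pass=True)
    exchange = [gl.decide("ceo@corp.example", "john@x.example", "203.0.113.9", t) for t in (0, 600)]
    # Malware on a workstation behind the same NAT: new sender, new recipient, no retry.
    bot = gl.decide("random@forged.example", "george@x.example", "203.0.113.9", 700)
    return exchange, bot


if __name__ == "__main__":
    print("pair key, rotating servers:   ", multi_server_scenario(include_ip=False))
    print("pair+IP key, rotating servers:", multi_server_scenario(include_ip=True))
    print("pair key, server vs. spambot: ", spambot_scenario())
    print("trust IP after pass, NAT:     ", nat_scenario())
```

With the pair key the rotating servers pass on the first retry; with the IP in the key every retry looks like a new message and the delivery would eventually bounce. The spambot is deferred because its sender/recipient pair has never retried, regardless of sharing a domain with a legitimate sender. Trusting the NAT address after the Exchange server passes lets the workstation's forged message straight through.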
mrxxxmryyy wrote:
Hello,
You must either be hosting only a couple of user accounts or
you have never spent a second reading your servers' logs.
I'm not sure if it matters as far as my idea is concerned.
Example below, just a randomly picked machine I have, today's log
(and I see thousands of this shit daily; I replaced the target,
legitimate domain with @x, but it does not really matter):
I'm afraid it has nothing to do with the idea. To make it simple
again: John and George have email accounts on my server. Jane (who
has an email account on some server, not mine) sends an email to John.
Since it is a legitimate email it is passed after graylisting.
OK, and now the clue. There's another email from Jane. It is to George,
and this is _the_only_ difference from email number 1 to John (so it
would be passed if it were to John; however, it is to George, so it isn't
passed because it's graylisted first).
So, if email no. 1 has been passed and now Spamdyke remembers that
every email from Jane (sender, IP, etc.) to John should be accepted
for a given time without graylisting it, why not make use of this and
apply this rule to mail from Jane to George as well?
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users