On Mon, 19 Jun 2006, Rick Macdougall wrote:
> JamesDR wrote:
> > 1) Message comes in, check against AWL, if sender/ip pair do not exist,
> > send the tempfail, if sender/ip pair do exist:
> > 2) Check the average score against some threshold (say 4 points as a
> > figure.) If sender's score is over this value (still at the header
> > stage) send tempfail, if the sender's average score is below:
> > 3) Send the message on through to the AV's, SA, etc..
> > 4) SA will adjust the totals, rinse and repeat.
>
> If sender/ip pair is in AWL, it's most likely in the greylisting
> database as well and will be allowed in.
You've missed a point. In the traditional greylisting database you
list by sender/ip -and- recipient address. This is to prevent a
machine-gunning spammer from getting a 'bye' for hitting previous
targets. (IE you only do the greylist pass if the triple of
sender & recipient & ip address match).
If you do the suggested AWL lookup then you can use the sender/ip
score entries as an indication of "credibility" for sending to other
recipients; all done at the SMTP header stage so low overhead.
You could also use this as a selective greylist system:
1) If there is no AWL/greylisting-database entry for the sender
or a 'good' score in AWL, don't greylist, just pass thru SA as a
normal message (but also do -not- add to greylisting-database).
2) If 'bad' AWL score and not in greylisting-database, greylist delay.
3) If 'bad' AWL score and in greylisting-database pass thru to SA.
So if the sender is unknown to you, you give them the benefit of the
doubt (no greylist delay) but do the SA score to get a ranking.
If known 'bad' then delay, if known 'good' no delay.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
