> On Nov 14, 2014, at 00.35, John Hardin <jhar...@impsec.org> wrote: > > On Thu, 13 Nov 2014, listsb-spamassas...@bitrate.net wrote: > >> all of the emotional postulative opining aside, one possibility i have been >> considering is having postfix delay relay of messages to the content filter >> for a few minutes, as it seems that when these messages reach us, they're >> only minutes away from being matched by network tests [this is what i asked >> postfix-users about]. i'm interested to hear from folks on this list >> regarding this idea, as well as possible alternatives to dealing with this >> phenomenon. > > It's called greylisting and many people (including myself) have good results > with it.
yeah, i'm very familiar with greylisting. it's something i've used in the past, and for a time, it worked reasonably well. for me, that time has passed. i've dealt with all topics that come up when greylisting is discussed; user expectations, political interests, scalability, reliability of remote systems, purist arguments, etc, etc. the the problems it causes outweigh its benefits at this point, from my experience, and so i no longer use it. in any case, delaying the relay of messages is different than delaying the acceptance of messages, the latter has numerous advantages in managing the activity, as it's done within a controlled environment. that said, i do use postscreen, and i do use after 220 tests, and this does help some. ultimately though, mail gets through. one characteristic that appears to be pretty consistent is the age of the domain name that a given message references [from header, envelope sender, ptr record for remote mailservers referenced in received headers, etc]. quite often, the domain names are very recently registered. in many instances, the very same day the messages are received. is there a rule/ruleset out there that adds points to a score based on domain name age? the newer the domain, the higher the score is pushed up? -ben