January 13, 2005

Greylisting

Greylisting is a new method of blocking significant amounts of spam at the mailserver level
It's a good method but the mail will be delayed at first time with same "triplet".

ref. Whitepaper | Links to Implementations and Information

"triplet" are

  1. The IP address of the host attempting the delivery
  2. The envelope sender address
  3. The envelope recipient address
The specific methodology for a fairly basic Greylisting implementation is as follows:
  1. Check if the sending relay (or network) is whitelisted, and if so, pass the mail.
  2. Check if the envelope recipient (or domain) is whitelisted, and if so, pass the mail.
  3. Check if we have seen this email triplet before.
    1. If we have not seen it, create a record describing it and return a tempfail to the sending MTA.
    2. If we have seen it, and the block is not expired, return a tempfail to the sending MTA.
    3. If we have seen it, and the block has expired, then pass the email.
  4. If the delivery attempt should be passed and the delivery is successful:
    1. Increment the passed count on the matching row.
    2. Reset the expiration time of the record to be the standard lifetime past the current time.
  5. If the delivery attempt has been temporarily failed:
    1. Increment the failed count on the matching row.
    2. If the sender is the special case of the null sender, do not return a
      failure after RCPT, instead wait until after the DATA phase.

    Posted by pank at January 13, 2005 01:11 AM
Comments
Post a comment













Remember personal info?