Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: mouss (moussnetoyen.net)
Date: Thu Apr 10 2008 - 02:54:02 CDT
> mouss - that's essentially what I said - although I was under the
> impression that nearly all ratware didn't retry. You seem to be
> saying the opposite. Now, I trust your up-to-date knowledge more than
> mine, but wasn't that PRECISELY the thing greylisting was developed to
> do? i.e. deter ratware that didn't retry?
Even at the time, people knew that spamware would retry if greylisting
becomes widely used. note that this does not require queuing messages.
they just need to retry using the same client IP, sender and recipient.
that said, not all spamware retries. so GL will still stop some portion
Some people use GL in the hope that the client would be listed in a
DNSBL in the meantime. but this is only effective if the delay is long
enough. but this is not greylisting per se (the client IP is enough: no
need for triplets).
>>> Especially, for an unknown recipient. If you want greylisting
>>> to be immediate, configure policyd to return "DEFER" instead of
>> I don't know if Sami's policyd can be configured to do so. Isn't the
>> result hardcoded?
> Well, if it can do it, I can't find it :D
As of 1.82, it's hardcoded.
== ... policyd.h:
#define POSTFIX_GREYLIST "action=defer_if_permit Policy Rejection-"
so you can customize the text that goes after the string (the
GREYLIST_REJECTION option) but not the whole string.
you can patch it if you feel confortable...
> So currently I have a policy server installed that simply seems to
> collect triplets of various kinds but still passes the mail on to
> postfix to do (expensive) mysql and dns lookups on. I'm asking myself
> a not unreasonable question - why do I have a policy server? :)
> (Since I'm not using it to throttle/limit ingoing/outgoing mail, nor
> do I have a spamtrap)..
many people apply greylisting to transactions that are not blocked by
other checks. they generally do the policy call at last.
now, if you want a "defer", either patch the source code or use another