From: Michel B. <mi...@bo...> - 2005-01-13 10:06:48
On Thursday 13 January 2005 10:55, Lionel Bouton wrote:
>
> I thought of that and even discussed this very same idea on
> postfix-users some time ago. I didn't have practical data to back my
> claims. Good to know that this wasn't only theoretical.
> There's a new thing to take into consideration since then: smart and
> classc greylisting algorithms.
>
> The problem is that connect and awl entries now can reference whole
> classc networks to cover for the farm of outgoing mailservers trying to
> send the same e-mail. In this particular case, if they don't use the
> same HELO string to connect (probably the case if they use their public
> hostname), these algorithms are defeated.

True. Then we might only try to match on the 1st level domain found in the
HELO, as it is highly probable that 2 servers in the same farm will be
"machinename1.subnet.provider.com" and "machinename2.subnet.provider.com",
but they will for sure share the "provider.com" domain.

But this would eliminate viruses that come once with "oemcomputer.com", and
come back later using "oemcomputer.org", or spambots that come once with
"HELO qsdfgh.org" and later "HELO azerty.org"

> We could use it when the 'full' algorithm is used or when there's no
> valid reverse DNS when the 'smartc' algorithm is used.

This is also an option, but the decision whether or not to use the "full"
algorithm is not perfect. I've seen many cases where SQLgrey uses the "class
C" algorithm for end-user DSL addresses. The way different ISPs name their
end-user pools can vary quite a lot...

> Added to my TODO, 1.5.x or later. That will have to be tested carefully
> though...

I volunteer ;-)

-- 
Michel Bouissou <mi...@bo...> OpenPGP ID 0xDDE8AC6E
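The HELO-domain matching discussed in this message, sketched as an added example; it is not SQLgrey code and was not posted by either participant. The names `helo_domain`, `class_c` and `Greylist`, the 300-second delay and the short suffix set are assumptions, and addresses are assumed to be IPv4.

```python
import ipaddress

# Constructed, incomplete set of multi-label public suffixes (assumption);
# a real deployment would consult the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def helo_domain(helo):
    """Return the registrable domain of a HELO name, or None if unusable."""
    name = helo.strip().rstrip(".").lower()
    if name.startswith("["):          # address literal such as [192.0.2.1]
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(labels):
        return None                   # bare "oemcomputer" carries no domain
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    if len(labels) < keep:
        return None                   # the HELO is itself a public suffix
    return ".".join(labels[-keep:])

def class_c(ip):
    """Network address of the /24 containing ip (the 'class C' of the thread)."""
    return str(ipaddress.ip_network(ip + "/24", strict=False).network_address)

class Greylist:
    def __init__(self, delay=300):
        self.delay = delay            # seconds a new key must wait
        self.first_seen = {}          # key -> time of first attempt

    def check(self, ip, helo, sender, rcpt, now):
        """Return True to accept, False to defer with a temporary error."""
        domain = helo_domain(helo)
        # Without a usable HELO domain, fall back to the exact IP and HELO.
        source = (class_c(ip), domain) if domain else (ip, helo.lower())
        key = source + (sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return now - first >= self.delay
```

Two farm hosts in the same /24 announcing names under one domain share a key, so the retry from the second host is accepted; a client that returns with a different HELO domain starts a new key and is deferred again.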