Menu
▾
▴
Re: [Sqlgrey-users] warn_if_reject to populate the db
|
From: Michel B. <mi...@bo...> - 2005-06-28 14:24:44
|
Le Mardi 28 Juin 2005 16:05, Lionel Bouton a =E9crit : > > Combining results of various checks at the Postfix level is rather > cumbersome. I wouldn't say "cumbersome", I would say "flexible". It allows you to=20 configure exactly what you want, how you want it, with the tools of your=20 choice. SPF and greylisting have nothing to do together. If you first integrate S= PF=20 into SQLgrey, then why not integrate DNSBLs as well ? Then RHBLs... And=20 then... Furthermore, my current traffic show that SPF actually stops very _little= _=20 mail, so its efficiency is still very marginal, compared to greylisting t= hat=20 stops the vast majority of junk... > This is why I added a reference to SPF in my TODO: my idea=20 > was that it wouldn't bring much benefit to greylist already known good > MTAs. SPF doesn't define any "good" MTA by itself. It only lists "domain-approv= ed"=20 MTAs. If spammerdomain.com defines spammermachine as authorized for the=20 domain, then it's OK for SPF. Mr. Joe Spammer can also put a "+all" SPF=20 record for his spammerdomain.com, and then any open proxy out there will = be=20 "SPF approved" for relaying his spam... > We could combine a domain whitelist with SPF checks: if the source=20 > domain is in the whitelist and the SPF checks are OK, don't greylist. Yes, it can be useful in this way _only_ with a manual whitelist. But why= =20 bother, as the greylisting system will create its AWL automatically with = much=20 less effort than having to maintain a manual WL ? --=20 Michel Bouissou <mi...@bo...> OpenPGP ID 0xDDE8AC6E |
