[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] greylisting with whitelist of good mailservers

To: William Leibzon <william at completewhois.com>
Subject: Re: [Asrg] greylisting with whitelist of good mailservers
From: "Eric A. Hall" <ehall at ehsco.com>
Date: Thu, 09 Feb 2006 01:25:25 -0500
Cc: asrg at ietf.org, John Levine <asrg at johnlevine.com>
In-reply-to: <Pine.LNX.4.61.0601291801010.16021@cwhois0.completewhois.com>
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <20060129155007.46313.qmail@simone.iecc.com> <Pine.LNX.4.61.0601291801010.16021@cwhois0.completewhois.com>
Sender: asrg-bounces at ietf.org
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

On 1/29/2006 10:27 PM, William Leibzon wrote:

> What I'm thinking for one of the next stages is change this whitelisting
> ip database into (IP,score) where score is updated and is medium of the
> scores of the emails that came from the system before - i.e. it basicly
> is a real-time updated reputation system.

I did some work on something like this a while back by overloading the
SpamAssassin auto-whitelist database--tuples and reputation information is
already stored there, and I pass most incoming mail through SA while the
session is still active, so I get to reuse some of that info for free.
http://www.ehsco.com/misc/sagrey/ is where the SA plugin lives if you want
to look at it.

Right now I'm only using it to add an extra score for mail that appears to
be spam and originated from an unknown tuple, but what I want to do is
defer acceptance based on whether or not the rule fired (essentially
allowing me to restrict greylisting to mail that is likely spam from
unknown tuples). I couldn't do that with Postfix last time I looked
(header checks could not generate a DEFER action) and I haven't had time
to rebuild my whole mail system yet.

As to what you are pursuing, a similar approach would let you leverage the
reputation score associated with the tuple in the AWL, which seems to be
mostly what you are looking for.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] greylisting with whitelist of good mailservers
  - From: william

References:
- Re: [Asrg] greylisting with whitelist of good mailservers
  - From: John Levine
- Re: [Asrg] greylisting with whitelist of good mailservers
  - From: William Leibzon

Prev by Date: Re: [Asrg] Re: Charging for e-mail
Next by Date: Re: [Asrg] greylisting with whitelist of good mailservers
Previous by thread: Re: [Asrg] greylisting with whitelist of good mailservers
Next by thread: Re: [Asrg] greylisting with whitelist of good mailservers
Index(es):
- Date
- Thread