Milter-greylist

On Fri, 2006-12-22 at 13:36, Emmanuel Dreyfus wrote:

>> It would be nice if blacklisting would work similiar to greylisting
>> so that it would populate the badSender table that greylisting does.
>> As it is now, 'blacklisting' seems to really be an automatic
>> REJECTer.
> 
> Is milter-greylist of any interst for that? Just forward mail sent to
> the honneypot address to a program that perform the blacklisting 
> operation. 

I can respond to this, since it's a feature that I am very much
interested in. In fact, this feature is the reason I subscribed to the
group -- been lurking to get a feel for the community and see if anybody
else mentions the same idea. I guess now's the time.

The idea I was toying with was this: if the milter receives mail for the
bogus address (presumably an address hidden on our homepage along with
legit addresses), it rejects in the same way as if it were greylisting,
but silently adds the sender IP to the blacklist for a period. When the
same spammer retries, all their mail is rejected outright. Looking at my
mail logs makes me think that this would be quite effective.

The reason for pretending to greylist is to prevent the spammer from
discovering what the bad address is. Perhaps that's not worthwhile.

Thinking further, I suppose I could whitelist the bogus address and have
some other milter handle the auto-blacklist. But then it must either
accept or reject the mail. So mail sent to the honeypot address is
treated differently than that sent to other addresses, making discovery
of which address causes blacklisting relatively easy. Again, maybe
that's not worth worrying about, but I prefer not to give spammers any
clue about how to circumvent my defenses.