Yahoo Groups archive

Milter-greylist


Re: {Disarmed} [milter-greylist] greytrapping

2007-08-27 by Oliver Fromme

Matthieu Herrb wrote:
 > Matthias Scheler wrote:
 > > Kai Schaetzl wrote:
 > > > And if it comes in via the second MX IP and the tuple is not already
 > > > known to the greylist db it must be a first attempt which is supposed to
 > > > come from a spammer.
 > >
 > > People tried that scheme in the past and it didn't work very well. Problems
 > > like intermittent routing problems cause too many false positives.
 >
 > The idea is that if the 2 addresses are on the same physical interface,
 > on the same subnet of the same machine, it should not be affected by
 > intermittent routing problems (or you are probably in greater troubles
 > than just false positives).

It's not that simple.

Suppose someone somewhere wants to send mail, and his MTA
selects your highest-priority MX.  While trying to send the
mail, there is a problem somewhere.  It could be _anywhere_
on the way:  At his end, at your end, or somewhere in the
middle.  It doesn't matter where, and it certainly doesn't
have to be on the receiver side.  It could be his cat
tripping on the modem cable or whatever.

In any case, the result is that sending the mail fails, and
the MTA chooses to try another MX with lower priority.
That's perfectly legal behaviour.  If you assume such mails
are spam, you'll certainly get false positives.  I wouldn't
even penalize such mails with a longer greylist delay,
because they could be completely innocent.  YMMV, of course.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registration court, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registration
court, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"C++ is to C as Lung Cancer is to Lung."
        -- Thomas Funke
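
The failure case described in the message above, as an added example that is not part of the original post or of milter-greylist: a toy model of the "unknown tuple on the second MX means spam" rule. All class and function names, addresses and tuples are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Receiver:
    """Receiving host with two MX addresses and one shared greylist db."""
    primary: str = "192.0.2.10"    # constructed: highest-priority MX
    secondary: str = "192.0.2.11"  # constructed: lower-priority MX
    seen: set = field(default_factory=set)  # tuples known to the greylist db

    def connect(self, mx_ip, tup, path_ok=True):
        """Verdict for one attempt, or None if the connection never arrived
        (a failure anywhere between the sender and this host)."""
        if not path_ok:
            return None            # nothing recorded: the receiver saw nothing
        known = tup in self.seen
        self.seen.add(tup)
        if mx_ip == self.secondary and not known:
            return "trapped"       # the heuristic proposed in the thread
        return "accepted" if known else "greylisted"


def deliver(rx, tup, primary_path_ok):
    """Standard sender behaviour: best MX first, next MX if that fails."""
    verdict = rx.connect(rx.primary, tup, path_ok=primary_path_ok)
    if verdict is None:
        verdict = rx.connect(rx.secondary, tup)
    return verdict


def demo():
    """Run three constructed senders against a fresh receiver each."""
    legit = ("198.51.100.7", "alice@example.org", "bob@example.net")
    spam = ("203.0.113.9", "x@example.com", "bob@example.net")
    results = {}
    rx = Receiver()
    results["legit, path fine"] = deliver(rx, legit, True)
    results["legit, retry"] = deliver(rx, legit, True)
    # First attempt is lost in transit, so the db has no record of it.
    results["legit, transient failure"] = deliver(Receiver(), legit, False)
    # Sender that goes straight to the lower-priority MX.
    rx2 = Receiver()
    results["direct to second MX"] = rx2.connect(rx2.secondary, spam)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} -> {verdict}")
```

The legitimate sender whose first attempt was lost in transit gets the same verdict as the sender that targeted the second MX directly, because the receiver has no record of an attempt that never reached it.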
