[AktiviX-discuss] dying under the spam

Alan Dawson aland at burngreave.net
Mon Nov 12 00:23:08 UTC 2007


Quoting ana <ana at aktivix.org>:


> In fact, its effectiveness with spam relies on the fact that servers 
> sending spam do not usually try a second time. 

Also, when a spam client resends an email, we have a better chance of spotting it,
as the spam client will have been advertising itself to the rest of the
internet and may have been added to various RBLs (real-time block lists).

We use relays.ordb.org and sbl-xbl.spamhaus.org at aktivix.org and
lists.aktivix.org.





> ..But there are also servers 
> sending legitimate mail that do not try a second time either, or they try 
> immediately, or too late for the greylisting to work.

The greylisting wait time is only 15 min. I'm not aware of any non-RFC-compliant
MTAs (message transfer agents) these days. It is the 21st century!

In my experience of using greylisting at other sites, the problems have not been
with non-RFC MTAs but rather with corporate providers who have a large pool of
outgoing MTAs. So, for instance, many corporate providers will use MessageLabs to
filter for outgoing spam and viruses. When a message is first attempted to be
delivered, it comes from mta1.provider.net, but on subsequent attempts it will
come from mta2.provider.net, then mta34.provider.net, etc.

As our greylisting implementation matches the triplet (sender IP address,
sender, recipient), this behaviour can result in delayed messages.

I have a small list of providers' outgoing MTAs where I've noticed this behaviour
in the past, that can be added to a whitelist.

AED
-- 
"The long revolution is creating small federated microsocieties, true guerilla
cells practising and fighting for this self-management. Effective radicality
authorises all variations and guarantees every freedom"
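
An added illustration, not part of the original message and not the AktiviX configuration: a toy greylist keyed on the (sender IP, sender, recipient) triplet with the 15-minute wait, replaying constructed retry schedules to show why a rotating MTA pool is delayed and how a whitelist entry avoids it. The class, function names, addresses and retry intervals are all assumptions made for the example.

```python
import ipaddress

GREYLIST_DELAY = 15 * 60  # seconds: the 15-minute wait mentioned in the message

class Greylist:
    """Toy greylist keyed on the (sender IP, sender, recipient) triplet."""

    def __init__(self, delay=GREYLIST_DELAY, whitelist=()):
        self.delay = delay
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}  # triplet -> time of the first attempt (seconds)

    def check(self, ip, sender, rcpt, now):
        """Return 'accept', or 'defer' (an SMTP 4xx temporary failure)."""
        if any(ipaddress.ip_address(ip) in net for net in self.whitelist):
            return "accept"
        triplet = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        return "accept" if now - first >= self.delay else "defer"

def deliver(greylist, attempts, sender="alice@example.org", rcpt="list@example.net"):
    """Replay (time, source IP) attempts for one message; return accept time or None."""
    for now, ip in attempts:
        if greylist.check(ip, sender, rcpt, now) == "accept":
            return now
    return None

# Constructed retry schedules (seconds, source IP), using documentation address ranges.
SINGLE_MTA = [(0, "192.0.2.10"), (1200, "192.0.2.10")]
NO_RETRY = [(0, "203.0.113.5")]  # sender that never tries a second time
POOL = [(0, "198.51.100.1"), (1200, "198.51.100.2"),
        (2400, "198.51.100.3"), (3600, "198.51.100.1")]
POOL_NET = "198.51.100.0/29"  # hypothetical whitelist entry covering the pool

def scenarios():
    return {
        "single_mta": deliver(Greylist(), SINGLE_MTA),
        "no_retry": deliver(Greylist(), NO_RETRY),
        "pool": deliver(Greylist(), POOL),
        "pool_whitelisted": deliver(Greylist(whitelist=[POOL_NET]), POOL),
    }

if __name__ == "__main__":
    for name, accepted_at in scenarios().items():
        print(f"{name}: accepted at {accepted_at}")
```

With these schedules the single MTA is accepted on its first retry, while the pool is only accepted once an address it has already used comes round again.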



