Re: VGER does gradual SPF activation (FAQ matter)
From: David Woodhouse
Date: Tue Jun 13 2006 - 08:31:44 EST
On Tue, 2006-06-13 at 12:45 +0200, Matthias Andree wrote:
> > It's fairly trivial with a decent MTA. I use all kinds of conditions to
> > trigger greylisting -- HTML mail, 'Re:' in subject with no References:,
> > lack of reverse DNS or CSA on the sending host, >=0.1 SA points, etc.
> > Adding "is not subscribed to the mailing list they're trying to post to"
> > should be trivial.
> Given that list drivers are separate from the MTA (and that's good),
I'm unconvinced of the goodness of that. With a suitably capable MTA,
there isn't a huge reason not to have the basic receive-and-resend mail
path handled _entirely_ by the MTA, rather than pawning it off to
separate software. Obviously the interface to subscribers, be it through
email or http, wants to be separate -- but receiving and sending email
is what an MTA does best. And I've learned to hate mailman with a
vengeance -- I've been meaning to investigate exilist for some time now,
for my mailing lists.
> it's less trivial than simple looking at message headers or DNS info
> that the MTA shuffles around anyways. The MTA doesn't need the
> subscription list however, since "exploding" the subscriber list is a
> separate problem handled by Majordomo, Mailman, Sympa, whatever.
Even if you have a cron job which extracts the subscriber list into a
text file or other database which is used by the MTA, it isn't
particularly hard. In many cases, Exim should probably be able to read
the subscriber database directly, anyway.
Actually, just tagging _all_ posts to the list for greylisting is
probably OK as long as you're doing your greylisting sensibly. The thing
about greylisting is that you're checking to see if it's a dump-and-run
spammer, or whether it's a real mail host with a queue. Once a given
host is observed to actually retry and get past the greylisting, there's
little point in _ever_ greylisting mail from that host again anyway.
If you get that right, it doesn't matter if you tag every incoming mail
to the list for greylisting; it doesn't keep causing delays to people
who've got mail through before.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/