New wiki page

Steve Freegard steve.freegard at fsl.com
Mon Jun 29 18:03:08 IST 2009


Alex Neuman van der Hans wrote:
> How is it different?
> 
> On Jun 29, 2009, at 11:19 AM, Steve Freegard wrote:
> 
>> Yes; I use greylisting (FSL's own implementation; which is a bit
>> different from other implementations).
> 

Rather too many differences to list here.  Basically it greylists by
host (as it is the host that does the queueing after all) but uses a
heuristic based on the IP/PTR record so that it copes easily with
shared-spools (e.g. Hotmail) without being overly permissive (other
implementations use IP address /24 which is less than ideal); but still
maintains key strength by using a tuple *and* MD5 hashing the initial
content.  Once the host has proved that it queues (by sending the same
identical message initially seen); it is bypassed from further
greylisting for 7 days (by default) from the time the host was last seen
(so hosts that frequently communicate do not get greylisted again).

And it uses UDP multicast and/or unicast to maintain greylist records
across multiple hosts without the need for SQL replication.

Most all other implementations greylist using tuples or IP only.
Meaning that each time the tuple or IP changes then the host is
greylisted again or use DNSBLs to determine which hosts to greylist
(which is a really poor idea IMO).

Cheers,
Steve
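
The scheme described in the message above, as an added sketch that is not FSL's code and is not part of the original post: greylist per sending host, key pending entries on a tuple plus an MD5 of the content, and bypass a host for 7 days from when it was last seen once it retries the identical message. The `host_key` rule (last two PTR labels, else the IP), the tuple fields (host, sender, recipient) and all names and sample values are assumptions, since the post does not give them.

```python
import hashlib

PASS_TTL = 7 * 24 * 3600  # bypass lifetime: the 7-day default stated in the post

def host_key(ip, ptr=None):
    # Assumed heuristic (the post does not give the real one): hosts whose PTR
    # names share the last two labels count as one sending host; no PTR -> IP.
    labels = ptr.rstrip(".").lower().split(".") if ptr else []
    return ".".join(labels[-2:]) if len(labels) >= 2 else ip

class Greylist:
    def __init__(self):
        self.pending = {}  # (host, sender, rcpt, md5 of content) -> first seen
        self.passed = {}   # host -> last seen, for hosts that proved they queue

    def check(self, now, ip, ptr, sender, rcpt, content):
        host = host_key(ip, ptr)
        last = self.passed.get(host)
        if last is not None and now - last <= PASS_TTL:
            self.passed[host] = now  # window runs from the time last seen
            return "accept"
        self.passed.pop(host, None)  # bypass expired or never granted
        key = (host, sender.lower(), rcpt.lower(), hashlib.md5(content).hexdigest())
        if key in self.pending:
            # Identical message retried: the host queues, so bypass it.
            del self.pending[key]
            self.passed[host] = now
            return "accept"
        self.pending[key] = now
        return "tempfail"

def demo():
    # Constructed sample traffic: two spool IPs under one PTR domain.
    day = 24 * 3600
    g = Greylist()
    msg = ("a@example.org", "b@example.com", b"constructed message")
    return [
        g.check(0, "192.0.2.10", "mx1.example.net", *msg),         # first sight
        g.check(600, "192.0.2.77", "mx2.example.net", *msg),       # retry, other spool IP
        g.check(6 * day, "192.0.2.10", "mx1.example.net", "c@example.org", "b@example.com", b"new"),
        g.check(12 * day, "192.0.2.10", "mx1.example.net", *msg),  # within 7d of last seen
        g.check(20 * day, "192.0.2.10", "mx1.example.net", *msg),  # bypass lapsed
    ]

if __name__ == "__main__":
    print(demo())
```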

