[Dshield] DNS MX record block question

Kenneth Porter shiva at sewingwitch.com
Wed Sep 10 04:28:52 GMT 2003


--On Tuesday, September 09, 2003 3:37 PM +0200 security at admin.fulgan.com wrote:

> Why would you want to do that ?

[Probing envelope sender's domain's MX for active port 25.]

Just ran across this interesting paper on "greylisting" on the MIMEDefang list:

<http://projects.puremagic.com/greylisting/>

It uses tempfail to stop dumb spammers who don't retry on failure, at the cost
of an additional delivery delay for the first piece of legitimate mail between
a given sender and recipient. (Subsequent messages don't suffer the delay.)

The clever part is that it maintains a DB of triplets of envelope sender,
envelope recipient, and MTA IP. Mail with one such triplet is temporarily
refused the first time seen and allowed on all subsequent tries.




More information about the list mailing list