John Sutton
Thu Mar 11 14:02:31 UTC 2004

Hi there

I've been getting some grief from customers since I started running a 
greylist server, and I've traced some of it to the problem of resubmissions 
coming from different IPs, e.g., where a large ISP runs a number of mail 
servers which share a single mail queue.  As it says in -"This causes additional 
embargoing that can surprise end users."  Of course, this problem can be 
circumvented by appropriate "ok ip" additions to grey_whitelist but this 
involves an administrative burden and defeats the purpose of greylisting.

It strikes me that this problem could be solved by a modification to the 
greylist algorithm along the following lines.  (Note that this only makes 
sense if you are *not* running with "-G weak".)

If the first submission which initiates an embargo involves the "quartet":


then a subsequent submission should lift the embargo if it presents:


where ip2 is *any* ip.  At present, ip2 must equal ip1, but this restriction 
produces the "additional embargoing" mentioned above.  As best I can tell, 
the relaxation of this restriction would produce very little increase in spam 
evading the greylist but would solve the multiple-IP problem.

There is then the outstanding issue of exactly which triple should persist in 
the greylist for the "white" period (default 63 days)?  I don't think it 
matters whether ip1 or ip2 is used, either seems to me of equal validity, but 
ideally *both* triples should be added.

Of course, it is my assumption that "the relaxation of this restriction would 
produce very little increase in spam evading the greylist" which needs to be 
tested, and I wonder what other people think about that?
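
The proposal above as an added sketch, not part of the original post and not DCC code: it compares strict quartet matching with the relaxed variant for a shared mail queue that retries from a second server. It assumes the quartet is (ip, sender, recipient, message digest), which the text as preserved here does not spell out; the class, function names, addresses and the 270-second embargo are constructed for illustration.

```python
# Added illustration, not DCC code. Assumed quartet: (ip, sender, recipient,
# message digest); the whitelisted triple: (ip, sender, recipient).
EMBARGO = 270            # seconds; constructed value for the demo
WHITE = 63 * 86400       # "white" period of 63 days, as in the post


class Greylist:
    def __init__(self, relaxed):
        self.relaxed = relaxed   # True: a retry from any ip2 lifts the embargo
        self.pending = {}        # embargo key -> (first ip, time first seen)
        self.white = {}          # (ip, sender, rcpt) -> expiry time

    def check(self, ip, sender, rcpt, digest, now):
        """Return 'accept' or 'tempfail' for one submission at time `now`."""
        if self.white.get((ip, sender, rcpt), 0) > now:
            return "accept"
        # Strict matching keys the embargo on the full quartet; the relaxed
        # variant leaves the IP out, so ip2 need not equal ip1.
        key = (sender, rcpt, digest) if self.relaxed else (ip, sender, rcpt, digest)
        if key not in self.pending:
            self.pending[key] = (ip, now)
            return "tempfail"
        first_ip, first_seen = self.pending[key]
        if now - first_seen < EMBARGO:
            return "tempfail"            # retried too soon, still embargoed
        del self.pending[key]
        # Persist both triples (ip1 and ip2) for the white period.
        for addr in {first_ip, ip}:
            self.white[(addr, sender, rcpt)] = now + WHITE
        return "accept"


def replay(relaxed, attempts):
    """Feed (time, ip) retries of one constructed message through a greylist."""
    g = Greylist(relaxed)
    return [g.check(ip, "a@example.net", "b@example.org", "digest-1", t)
            for t, ip in attempts], g


# Constructed scenario: a shared queue retries from a different server.
SHARED_QUEUE = [(0, "192.0.2.10"), (600, "192.0.2.11"), (1200, "192.0.2.10")]

if __name__ == "__main__":
    for mode in (False, True):
        verdicts, _ = replay(mode, SHARED_QUEUE)
        print("relaxed" if mode else "strict ", verdicts)
```

With strict matching the retry from the second server starts a fresh embargo; with the relaxed key it is accepted and both triples are whitelisted, while a different sender to the same recipient is still embargoed.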

