proposal: greylisting and multiple-IP clients

Vernon Schryver vjs@calcite.rhyolite.com
Thu Mar 11 17:05:22 UTC 2004


> From: "John R Levine" 

> > You are basially proposing that the IP addresses be removed from
> > the greylist triples, making them greylist pairs.
>
> I get the impression that multiple-IP clients tend to have their IPs
> clustered in a small range.  It'd probably do the trick if you accepted a
> second message from anywhere in the same /24.

There are some problems with that:

  - I think AOL and Earthlink have their SMTP clients spread out more 
     than that.  If not them then, others.

  - dccd doesn't do regular expressions.  There had better be no way
     for dccd to figure out that an MD5 checksum of one (address,to,from)
     triple differs from another only in the least significant 8 bits
     of the addresses, or all of x.509 PKI and other things will come
     crashing down on our heads.  (yes, SHA is now recommended over
     MD5, but MD5 is widely used)

  - what about "owned" boxes used as proxies?  Are they unlike to be
      in the same /24?

I guess greylist clients could ask about a modified (address-prime,from,to)
triple, with the modified address-prime computed by masking the
true address with 255.255.255.0.

I'd still need a way to tell dccm and dccifd to do that.
If `dccm -G` took an arg, then `dccm -G mask0.0.0.0` would completely
ignore the IP address and `dccm -G mask255.255.255.0` would lump /24s.

Is all of this worth including the 4.4BSD getopt.c in the DCC clients?


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.