While I'm not an MSU mail admin, I do believe the scenario you
describe below works, and from my tests below, it doesn't
even look like it has to be to/from the same users even.
First connection from an IP address shows the following banner:
220 grey00.mail.msu.edu ESMTP spamd IP-based SPAM blocker; Wed Apr 4 18:06:43 2007
Subsequent connection attempts all show the same banner.. until
around 7-8 minutes later, when the banner changes:
220 mx04.mail.msu.edu ESMTP Exim 4.63 Wed, 04 Apr 2007 18:14:52 -0400
At this point, it seems from/to tuples are completely ignored, and
only frequency of IP address/range connections to MSU's mail servers
is monitored.
Perhaps someone from MSU's mail team could expand on that.
-Russell
> -----Original Message-----
> From: MSU Network Administrators Group
> [mailto:[log in to unmask]] On Behalf Of Chris Wolf
> Sent: Wednesday, April 04, 2007 6:02 PM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] Greylisting
>
> A user raised a question about MSU's anti-spam greylisting
> that I couldn't answer.
>
> Suppose a user on a non-compliant email system sends a
> message to a recipient at MSU. That message will get a
> "temporary" refusal from MSU and then the non-compliant
> server will fail to resend it, so the recipient will never receive it.
>
> But suppose the sending user sends another message (or even the same
> message) to the same recipient within a short time. Will
> MSU's system recognize this as the required "resend" and then
> start accepting mail from that server?
>
> I've looked at descriptions of some implementations of
> greylisting, and although they don't talk about this scenario
> it seems as though it would satisfy some of them, which
> apparently only look at three things, the sender's email
> address, the recipient's email address, and the server IP.
>
|