On Mon, 10 Jul 2006, Henrique de Moraes Holschuh wrote: > > Is there a way of doing this which doesn't require you to know in > > advance the setup of remote networks and such? Does it scale? > > Yes. The most absurd way is to consider every non-stolen, valid for the > public Internet IPv4 netblock as belonging to a single IP superset, and > flushing the graylisted database often (but mind your outgoing email retry > policy!). > > Another is to
Argh. I must have deleted part of the message by mistyping in vim and didn't notice it before sending. Sorry about that. Another way to avoid problems with clusters is to assume certain common setup patterns for server farms, like a cheap netmask match. This does, in a way, "require you to know in advance the setup of remote networks", in the sense that you need to know the common patterns that will be used. At least now you are dealing with patterns, and not specific instances. It is not as bad as it sounds. Small clusters of less than five machines are not supposed to be an issue (you will graylist-approve the entire cluster before the retry limit is over for reasonable retry policies). Large clusters are almost always made of a number of islands of nodes with IPs close to each other, and graylist-approving different islands will also work if you don't manage to match all islands as a single set). Scaling is obviously a problem if you have many incoming SMTP hosts, as the graylisting knowledge should be shared among all of them. Other scaling issues depend on how you calculate the IP sets, but for IP distance like the above example, it is pratically the same as for dumb graylisting. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
