This one time, at band camp, Thomas Bushnell BSG said: > martin f krafft <[EMAIL PROTECTED]> writes: > > > Anyway, I'll be interested to hear a summary of their arguments, as > > Christian Perrier requested. I find it hard to imagine how properly > > configured greylisting should cause any problems. > > It's a violation of the standard. It is especially problematic, > because it is a violation against the spirit of being liberal in what > you accept, and conservative in what you require.
Sadly, those days may be coming to an end. > It assumes, for example, that the remote MTA will use the same IP > address each time it sends the message. If the remote MTA is a big > server farm, with a lot of different hosts that could be processing > the mail, what is your strategy for preventing essentially infinite > delay? I use a greylist implementation that autowhitelists after a configurable number of successful retries for a tuple. Assuming you mean places like yahoo or aol, the essentially infinite delay you speak of has never been an issue so far. They all end up whitelisted after a while, and then mail from them proceeds without delay. Assuming the number of users debian has, it shouldn't take very long to record hits for all of their outbound servers. > Another problem is with hosts that do not accept a message from an MTA > unless that MTA is willing to accept replies. This is a common spam > prevention measure. The graylisting host cannot then send mail to > such sites until they've been whitelisted, because when they try the > reverse connection out, it always gets a 4xx error. I've been bitten > by this one before. That is an odd implementation of sender callouts designed by someone who doesn't understand SMTP, and is not really an issue for the conversation at hand. Normal sender callouts, which route the message to the public MX, have their pros and cons, but it's not under discussion at the moment. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
