On Fri, Mar 30, 2012 at 10:02:28AM +0200, Maciej Uhlig wrote:
> So, google.com got 450 from postscreen and repeated delivery from 
> _other_ IP and then got another 450. It's possible the mail would 
> not be delivered at all if google.com had sent it from different 60 
> thousands :-) IP addresses every time.

It's possible. In practice it is a minor issue. As a site hosting a 
Linux community project, mine has lots of contact with gmail. Every 
month or so we might see a delay. At any given time I probably have 
almost all the gmail outbounds whitelisted.

I also use the MX policy test, with two prioritized MX IP addresses 
listening on the same host. This does not help with gmail, which 
doesn't retry the secondary after being deferred on the primary.

> The cure could be DNS whitelisting but we know it's not applicable 
> in postscreen's permanent whitelist. We then added the IP subnet 
> 74.125.0.0/16 to the permanent whitelist. But we know there are other 
> ISPs who could send mail in a similar way.

My cure was to do what some say I do best: nothing! :)

I am not aware of any permanent failures nor any delays beyond a 
minor inconvenience.

> Does somebody have a CIDR whitelist file of mail ISPs (a la postgrey
> whitelist clients) perhaps?

Postgrey does! :)
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
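
The retry pattern discussed in this thread (a sender deferred with 450 by postscreen, then retrying from a different client IP) can be measured from the mail log before deciding whether a whitelist entry is needed at all. The following is an added example, not code from the thread or from Postfix; the log lines are constructed, the line format is an assumption about your logs, and `rotating_senders` and `covering_network` are hypothetical helper names. IPv4 only.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in postscreen's log format; hosts and addresses are made up.
SAMPLE_LOG = """\
Mar 30 09:50:01 mx postfix/postscreen[2101]: CONNECT from [74.125.82.44]:51234 to [192.0.2.1]:25
Mar 30 09:50:08 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [74.125.82.44]:51234: 450 4.3.2 Service currently unavailable; from=<alice@example.com>, to=<list@example.org>, proto=ESMTP, helo=<out1.example.com>
Mar 30 09:55:12 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [74.125.83.171]:40112: 450 4.3.2 Service currently unavailable; from=<alice@example.com>, to=<list@example.org>, proto=ESMTP, helo=<out2.example.com>
Mar 30 10:02:28 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [74.125.82.180]:38870: 450 4.3.2 Service currently unavailable; from=<alice@example.com>, to=<list@example.org>, proto=ESMTP, helo=<out3.example.com>
Mar 30 10:05:00 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [198.51.100.7]:2525: 450 4.3.2 Service currently unavailable; from=<bob@example.net>, to=<list@example.org>, proto=ESMTP, helo=<mail.example.net>
Mar 30 10:20:00 mx postfix/postscreen[2101]: PASS OLD [198.51.100.7]:2630
"""

# A 450 deferral issued by postscreen: capture client IP, envelope sender, recipient.
DEFER = re.compile(
    r"postscreen\[\d+\]: NOQUEUE: reject: RCPT from \[([0-9.]+)\]:\d+: 450 "
    r".*?from=<([^>]*)>, to=<([^>]*)>")


def rotating_senders(log, min_ips=2):
    """Map (from, to) -> sorted client IPs for mail deferred from >= min_ips addresses."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = DEFER.search(line)
        if m:
            ip, sender, rcpt = m.groups()
            seen[(sender, rcpt)].add(ipaddress.IPv4Address(ip))
    # A sender that retries from the same IP passes on the retry and is not listed.
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ips}


def covering_network(ips):
    """Smallest single IPv4 network that contains every address in ips."""
    lo, hi = int(min(ips)), int(max(ips))
    # Bits above the highest differing bit are the shared prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)


if __name__ == "__main__":
    for (sender, rcpt), ips in rotating_senders(SAMPLE_LOG).items():
        print(sender, "->", rcpt, [str(i) for i in ips], "within", covering_network(ips))
```

The reported network is only a candidate: confirm who owns the range before adding a `permit` line for it to the CIDR table used for postscreen's permanent whitelist.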
