On 2019-11-22 08:23, Gregory Heytings wrote:
And there are various techniques (for example connection rate limits,
response delays, greylisting) that prevent you from "accepting all
mail" and that have zero false positives.
As for greylisting, it's no longer true now.
Some large and popular mail sending services started some time ago to
send mail in a way that is incompatible with greylisting. Greylisting
assumes that after the first 4xx reject, the sending server will retry: a)
after a few minutes; b) from the same IP address. These services: a)
retry immediately, after 5-10 seconds; b) use a different IP address on
each retry and c) give up after a few unsuccessful attempts. Thus it
is possible you never get mail sent from these services if you use
greylisting.
I stand corrected, I shouldn't have mentioned greylisting, I don't
have enough experience of that technique. The two other techniques I
mentioned are still valid; I did experience them in the long term, and
they have zero false positives.
Plain old greylisting can yield many false positives, but recent
implementations of milter-greylist for example will not greylist
messages that validate SPF. It helps *a lot*.
patpro
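
Added example, not part of the thread and not milter-greylist's code: a small model of the two greylisting assumptions discussed above (retry after a few minutes, from the same IP address) and of the SPF bypass, replayed against constructed retry schedules. The 300-second delay, the (IP, sender, recipient) key, the addresses and the `spf_pass` flag (SPF evaluation is assumed to happen elsewhere) are all assumptions made for the illustration.

```python
"""Toy greylisting model (constructed example; not milter-greylist code)."""

MIN_DELAY = 300  # assumed: seconds a new triplet must wait before acceptance


class Greylist:
    def __init__(self, min_delay=MIN_DELAY, spf_bypass=False):
        self.min_delay = min_delay
        self.spf_bypass = spf_bypass
        self.first_seen = {}  # (ip, sender, rcpt) -> time of first attempt

    def check(self, now, ip, sender, rcpt, spf_pass=False):
        """Return the SMTP reply code for one delivery attempt: 250 or 451."""
        if self.spf_bypass and spf_pass:
            return 250  # SPF-validated mail skips greylisting entirely
        key = (ip, sender, rcpt)
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.min_delay:
            return 250  # same triplet came back after the delay
        return 451  # temporary failure: ask the sender to retry later


def deliver(greylist, attempts, spf_pass=False):
    """Replay (time, ip) attempts for one message; True if any is accepted."""
    sender, rcpt = "news@sender.example", "user@rcpt.example"
    return any(
        greylist.check(t, ip, sender, rcpt, spf_pass) == 250 for t, ip in attempts
    )


# Constructed retry schedules (documentation IP ranges).
# Classic MTA: one retry after 10 minutes from the same address.
CLASSIC_MTA = [(0, "192.0.2.10"), (600, "192.0.2.10")]
# Sending service: retries within seconds, new address each time, then gives up.
ROTATING_POOL = [(0, "198.51.100.1"), (5, "198.51.100.2"),
                 (12, "198.51.100.3"), (20, "198.51.100.4")]

if __name__ == "__main__":
    print("classic MTA, plain greylist:  ", deliver(Greylist(), CLASSIC_MTA))
    print("rotating pool, plain greylist:", deliver(Greylist(), ROTATING_POOL))
    print("rotating pool, SPF bypass:    ",
          deliver(Greylist(spf_bypass=True), ROTATING_POOL, spf_pass=True))
```
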