On Tue, 2014-07-01 at 15:37 -0500, Steve Bergman wrote: > > On 07/01/2014 03:29 PM, Martin Gregorie wrote: > > On Tue, 2014-07-01 at 19:17 +0000, Jeremy McSpadden wrote: > >> No mention of RBLs or greylisting ... > >> > > Quite. > > > > When my ISP switched on greylisting my mail immediately went from a > > spam:ham ratio of 80:20 to one of 20:80 > > But the variable delay, which is not under your control? > You're right: its not.
> My users > complained loudly about that minority of mails which took an hour to > arrive. I had to turn it off. > I know what can happen, and also that those complaints can arise from a total misunderstanding of what e-mail is designed to do: that it is *not* an instant messaging medium but it is a reliable one despite delivering over sometimes flaky networks. IOW demanding instant e-mail delivery is quite unreasonable. > Yes, I'm sure the autowhitelist features > help with time. But we're always receiving mail from new customers > whom our mail server has never heard from before. And you really don't > want to not receive a mail from a new customer for an hour or more > when you are a service company advertising fast and efficient service > of your customers' restaurant kitchen equipment during the lunch > hours. > I think that specific whitelisting could help here: I run a mail archive that takes an automatic BCC feed of both incoming and outgoing mail from Postfix. This just works and has an important secondary use. SA uses a special-purpose plugin to query the mail archive: any incoming mail received from an e-mail address I've previously sent mail to gets whitelisted. It was simple to do because the archive is held in a PostgreSQL database and has almost zero maintenance costs. As I run it, the whitelist is assembled automatically from outgoing mail, but it would not be hard to accept an address feed from, say, a sales system or a guarantee registration database which would allow customer addresses to be whitelisted as their orders are confirmed. For that matter, if a new customer is always sent an e-mail to ensure they have your address and to confirm that theirs is correctly entered, then they'd be automatically whitelisted by that e-mail. Martin > I did not find greylisting viable for our use case. And I suspect many > businesses would have similar incompatibilities with the strategy. > > -Steve >
