Tony Nelson wrote:
> Well, don't forget that greylisting will delay each new legitimate mail
> sender by a while (maybe a few hours), requires maintaining whitelists for
> the server farms of large email providers (AOL, etc.) or email from them
> may take much more than 4 hours to get through, and the mail must be
> handled twice by your server rather than just once.

Ed Greshko wrote:
> You are incorrect on several counts.
>
> 1. The time to delay is configurable in a good greylist milter. Mine is
> set to 15 minutes since this is pretty much the default retry interval of
> most MTAs.

Really? The standard says

    The sender MUST delay retrying a particular destination after one
    attempt has failed. In general, the retry interval SHOULD be at least
    30 minutes;

(RFC 2821 section 4.5.4.1)

Calling half an hour "a while" seems reasonable to me...

I'd argue that your first sentence is misleading, too -- the delay is a
result of the configuration of both sending and receiving MTAs.

> 2. No whitelist maintaining is needed. The sending system either tries
> again or it doesn't. If it is a legitimate sender, it will retry. Also,
> when a sender/system is allowed it will be cached. So, even if you have
> multiple servers from AOL, etc. they will eventually be cached.

Tony calling it a "whitelist" may be misleading. But you are missing a
detail here, and confusing "sending system", "computer", and "IP address".
For major providers, the sending system may involve lots of computers,
with lots of IP addresses. Retries may come from any of those computers --
this is perfectly legitimate under SMTP. So it may take a while (especially
if they use an "exponential back-off") before the same server retries the
same e-mail. With enough sending IP addresses, it's possible that the
e-mail might never be retried from the same IP address.

There are two ways around this -- either you can (as Tony said) maintain a
list of senders which use this sort of system, or hope that the senders put
their sending MTAs in no more than a few /24 subnets. You then get the
greylist to consider that one sending attempt from 127.36.5.1[1] and a
retry from 127.36.5.2 is Good Enough.

> 3. The email itself will only be handled once. When a server to be delayed
> first contacts your server the milter will check the cache with the initial
> information supplied and simply close the connection and not allow the DATA
> portion to be sent.

This is true, but possibly not the best response to Tony's post. The
*real* point is that although the server has to "think about" the message
twice, the first time takes up nearly no bandwidth and nearly no processor
time.

But you're missing another point -- the more people use greylisting, the
less reliable it becomes (because spammers start retrying on any error).
If Tony and I choose not to use greylisting, that makes it more usable for
you!

James.

[1] Yes, I know there's a slight problem with that IP address!

--
E-mail: james@       | For every complex problem, there is a solution that is
aprilcottage.co.uk   | simple, neat, and wrong.
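The greylisting behaviour argued about in the thread (a configurable delay, tempfailing before DATA, caching a source once it has retried, and treating a retry from a sibling host in the same /24 as Good Enough) as a small policy engine. This is an added illustration, not code from any poster or from any real milter; the class name, the 15-minute default and the 192.0.2.x / 198.51.100.x addresses are all constructed for the example (the thread's 127.36.5.x addresses are avoided for the reason James's footnote gives).

```python
"""Toy greylisting policy: constructed example, not a real milter.

Keyed on the classic triplet (sending network, envelope-from, envelope-to).
The sending IP is truncated to a /24 so that a retry from another server
in the same subnet (a large provider's farm) matches the first attempt,
which is the work-around discussed in the thread.
"""
import ipaddress
import time


class Greylist:
    def __init__(self, delay_seconds=15 * 60, expire_seconds=36 * 3600,
                 prefix_len=24):
        self.delay = delay_seconds        # Ed's "15 minutes"; RFC 2821 says >= 30
        self.expire = expire_seconds      # how long a proven source stays cached
        self.prefix_len = prefix_len      # 24 -> match any host in the same /24
        self.pending = {}                 # triplet -> time of first attempt
        self.allowed = {}                 # network -> time last seen passing

    def _network(self, ip):
        # Collapse the peer address to its /24 (or whatever prefix_len says).
        return ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)

    def check(self, ip, mail_from, rcpt_to, now=None):
        """Decide one delivery attempt: returns 'pass' or 'tempfail'.

        The decision is made from envelope data only, before DATA, so a
        tempfailed attempt costs almost no bandwidth: the body never arrives.
        """
        now = time.time() if now is None else now
        net = self._network(ip)
        key = (net, mail_from.lower(), rcpt_to.lower())

        # Source already proved it retries: no delay for any message from it.
        last = self.allowed.get(net)
        if last is not None and now - last < self.expire:
            self.allowed[net] = now
            return "pass"

        first = self.pending.get(key)
        if first is None:
            # Never seen this triplet: record it and ask the sender to retry
            # (in a real MTA this is a 451 4.7.1 response).
            self.pending[key] = now
            return "tempfail"
        if now - first < self.delay:
            # Retried too early; keep waiting.
            return "tempfail"

        # A legitimate MTA retried after the delay: accept and cache the
        # source network, so its other servers are not delayed again.
        del self.pending[key]
        self.allowed[net] = now
        return "pass"


if __name__ == "__main__":
    g = Greylist()
    t0 = 1_000_000
    # Constructed timeline for a provider sending from several /24 hosts.
    print(g.check("192.0.2.1", "a@example.com", "b@example.net", now=t0))
    print(g.check("192.0.2.2", "a@example.com", "b@example.net", now=t0 + 960))
    print(g.check("192.0.2.7", "c@example.com", "b@example.net", now=t0 + 1000))
```

A sender whose retry comes from a host outside the first attempt's /24 is seen as a brand-new triplet and tempfailed again, which is exactly the failure mode James describes for very large server farms; widening `prefix_len` or keeping a separate list of such senders are the two work-arounds the post names.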