James Wilkinson wrote:
>> You are incorrect on several counts.
>>
>> 1. The time to delay is configurable in a good greylist milter. Mine is
>> set to 15 minutes since this is pretty much the default retry interval of
>> most MTAs.
>
> Really? The standard says
>
>     The sender MUST delay retrying a particular destination after one
>     attempt has failed. In general, the retry interval SHOULD be at
>     least 30 minutes;
>
> (RFC 2821 section 4.5.4.1)
>
> Calling half an hour "a while" seems reasonable to me...
>
> I'd argue that your first sentence is misleading, too -- the delay is a
> result of the configuration of both sending and receiving MTAs.

Whatever.... It is certainly not 4 hours..... You need to understand the
meaning of "should" vs. "must".

>> 2. No whitelist maintaining is needed. The sending system either tries
>> again or it doesn't. If it is a legitimate sender, it will retry. Also,
>> when a sender/system is allowed it will be cached. So, even if you have
>> multiple servers from AOL, etc. they will eventually be cached.
>
> Tony calling it a "whitelist" may be misleading.
>
> But you are missing a detail here, and confusing "sending system",
> "computer", and "IP address". For major providers, the sending system
> may involve lots of computers, with lots of IP addresses. Retries may
> come from any of those computers -- this is perfectly legitimate under
> SMTP. So it may take a while (especially if they use an "exponential
> back-off") before the same server retries the same e-mail. With enough
> sending IP addresses, it's possible that the e-mail might never be
> retried from the same IP address.
>
> There are two ways around this -- either you can (as Tony said) maintain
> a list of senders which use this sort of system, or hope that the
> senders put their sending MTAs in no more than a few /24 subnets. You
> then get the greylist to consider that one sending attempt from
> 127.36.5.1[1] and a retry from 127.36.5.2 is Good Enough.
I think you have no idea of what you speak.

>> 3. The email itself will only be handled once. When a server to be delayed
>> first contacts your server the milter will check the cache with the initial
>> information supplied and simply close the connection and not allow the DATA
>> portion to be sent.
>
> This is true, but possibly not the best response to Tony's post. The
> *real* point is that although the server has to "think about" the
> message twice, the first time takes up nearly no bandwidth and nearly no
> processor time.

Huh?

> But you're missing another point -- the more people use greylisting, the
> less reliable it becomes (because spammers start retrying on any error).
> If Tony and I choose not to use greylisting, that makes it more usable
> for you.

For every point, there is a counterpoint. All I know is that greylisting or
graylisting and SpamAssassin have reduced the amount of spam I get by 95%.
You can choose to do as you wish. I will do as I do and be happy that I get
very little spam. Oh, and BTW, that is not to do stupid things like blanket
rejects of upper level domains.

> James.
>
> [1] Yes, I know there's a slight problem with that IP address!

Ah, yes, well spoken from someone with no idea as to how things work.
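The greylist behaviour the two posters argue over (a configurable delay, caching the triplet once a retry gets through so the DATA phase is handled only once, and treating retries from different hosts in the same /24 as the same sender), written out as an added example; this is not code from either poster or from any milter. The 15-minute delay follows the first post, the 127.36.5.x addresses are the thread's own, and the mailbox names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

TEMPFAIL = "TEMPFAIL"   # milter answers with a 4xx reply before DATA; a real MTA retries
ACCEPT = "ACCEPT"


@dataclass
class Greylist:
    """Greylist keyed on (sender network, envelope from, envelope to)."""
    delay: int = 15 * 60        # seconds a new triplet must wait before a retry is accepted
    prefix_len: int = 24        # aggregate sending IPs into a /24 so farm retries match
    seen: dict = field(default_factory=dict)    # triplet -> time of first attempt
    allowed: set = field(default_factory=set)   # triplets that retried after the delay

    def _key(self, ip: str, sender: str, rcpt: str) -> tuple:
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, ip: str, sender: str, rcpt: str, now: int) -> str:
        """Decide the response for one envelope; `now` is seconds since epoch."""
        key = self._key(ip, sender, rcpt)
        if key in self.allowed:
            return ACCEPT                 # cached: only the retry ever reaches DATA
        first = self.seen.get(key)
        if first is None:
            self.seen[key] = now          # first contact: defer and remember the triplet
            return TEMPFAIL
        if now - first < self.delay:
            return TEMPFAIL               # retried too soon; keep deferring
        self.allowed.add(key)             # a real MTA retried after the delay
        return ACCEPT


def simulate_retries() -> list:
    """Replay the thread's scenario: retries arrive from different hosts of one /24.
    Mailbox names are constructed sample values."""
    g = Greylist()
    msg = ("sender@example.com", "user@example.org")
    return [
        g.check("127.36.5.1", *msg, now=0),        # first attempt: deferred
        g.check("127.36.5.2", *msg, now=5 * 60),   # other host, 5 min later: still too soon
        g.check("127.36.5.2", *msg, now=30 * 60),  # other host, 30 min later: accepted
        g.check("127.36.5.3", *msg, now=31 * 60),  # third host, cached triplet: accepted
        g.check("127.36.6.1", *msg, now=31 * 60),  # different /24: starts its own delay
    ]


if __name__ == "__main__":
    print(simulate_retries())
```

Lowering `prefix_len` widens the tolerance for large sender farms at the cost of letting more unrelated hosts share one greylist entry.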