Re: [exim] greylisting and VERP's

Author: Chris Webb
Date:  
To: exim-users
Subject: Re: [exim] greylisting and VERP's
Steffen Heil <lists@???> writes:

> Is there a general way to detect VERP's?
> For example on:
>
> axis-user-return-34172-lists=domain.de@???
>
> I assume this will give problem with my greylisting...
> [I am using the sender's address to greylisting and there are a lot of
> domains involved on my side.]


I decided that greylisting on suspicious (or all) mail was a policy option I
wanted to make available to users for domains they host with us, and spent
some time looking at other people's greylisting systems and thinking about
how to implement this in a vaguely sensible way that doesn't break for VERP
and so on. My conclusions were:-

  - It's broken to expect the retry to be from the same IP as the original
    delivery attempt. MTA clusters aren't required to work this way. 
    However, the message ID, envelope sender and envelope recipient(s)
    should be constant between successive delivery attempts. (So should a
    lot of other stuff, but these three are particularly low-hanging fruit!)


  - Once you've detected that an MTA is genuine, retrying messages
    correctly, there's no point in greylisting further mail from that MTA. 
    Expecting sender local parts to remain constant from message to message
    is broken in general, and I expect SES will become more commonplace over
    time, so it'll be increasingly problematic in practice too. Having to
    special-case something as common as mailing list systems is insane,
    anyway!


  - It's not completely clear to me whether I should be whitelisting MTAs
    based on IP addresses themselves, or something more specific like (IP
    address, HELO name), or even treating different domains from the same
    MTA differently and whitelisting (IP address, HELO name, sender domain),
    but I've started out using just IP addresses to see how that goes.


I have a small prototype daemon listening on a unix domain socket which uses
Berkeley DB to maintain a greylist of (sender, recipient(s), message-id) and
a white list of IP addresses. The IP addresses used for the original
delivery attempt, subsequent retries before the whitelisting threshold time
(4 mins) and the final successful retry after 4 mins are all added to the
white list. I prune the grey list of entries older than 25 hours which we
haven't seen a retry for. I should probably also prune the IP address table
if we don't see a delivery for more than some timeout (60 days?), but I'm
still experimenting at this stage.

Anyway, just some thoughts to throw into the mix, really!

Cheers,

Chris.
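The scheme Chris describes, as an added example (not his prototype daemon, and not Exim code): a toy greylister keyed on (sender, recipients, message-id) rather than client IP, which whitelists every IP that took part in a correct retry, so a later list post with a fresh VERP local part is accepted without a tempfail. All addresses, IPs and timings in the scenario are constructed.

```python
from dataclasses import dataclass, field

WHITELIST_AFTER = 4 * 60   # retry must come at least 4 minutes after first attempt
GREY_TTL = 25 * 3600       # grey entries older than 25 hours are pruned

@dataclass
class Greylister:
    # Toy model of the daemon described in the post (added example, not Chris Webb's code).
    grey: dict = field(default_factory=dict)     # key -> (first_seen, {client ips})
    whitelist: set = field(default_factory=set)  # trusted MTA IPs

    def decide(self, ip, sender, rcpts, msgid, now):
        """Return 'accept' or 'defer' (tempfail) for one delivery attempt."""
        self.prune(now)
        if ip in self.whitelist:
            return "accept"
        # Key on the envelope and Message-ID, never on the client IP, so a
        # retry from another member of an MTA cluster still matches.
        key = (sender.lower(), tuple(sorted(r.lower() for r in rcpts)), msgid)
        entry = self.grey.get(key)
        if entry is None:
            self.grey[key] = (now, {ip})
            return "defer"
        first_seen, ips = entry
        ips.add(ip)
        if now - first_seen < WHITELIST_AFTER:
            return "defer"
        # A genuine MTA retried correctly: trust every IP it used, so later
        # messages (with new VERP local parts) skip greylisting entirely.
        self.whitelist |= ips
        del self.grey[key]
        return "accept"

    def prune(self, now):
        stale = [k for k, (t, _) in self.grey.items() if now - t > GREY_TTL]
        for k in stale:
            del self.grey[k]

def verp_scenario():
    """Constructed scenario: list server with two outbound IPs and VERP senders."""
    g = Greylister()
    rcpt = ["steffen@example.org"]
    verp1 = "list-return-34172-steffen=example.org@example.net"
    verp2 = "list-return-34173-steffen=example.org@example.net"
    d1 = g.decide("192.0.2.10", verp1, rcpt, "<m1@example.net>", now=0)    # first attempt
    d2 = g.decide("192.0.2.11", verp1, rcpt, "<m1@example.net>", now=120)  # early retry, other IP
    d3 = g.decide("192.0.2.10", verp1, rcpt, "<m1@example.net>", now=300)  # retry after 4 min
    d4 = g.decide("192.0.2.11", verp2, rcpt, "<m2@example.net>", now=600)  # new VERP, new message
    return d1, d2, d3, d4, sorted(g.whitelist)
```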