[exim] greylisting with multiple equal priority mx-records

Pàgina inicial
Delete this message
Reply to this message
Autor: Paul Dekkers
Data:  
A: Exim-Users (E-mail)
Assumpte: [exim] greylisting with multiple equal priority mx-records
Hi,

I wonder: When there are two MX records with equal priority, do we have
to create a "shared triplets database" for greylisting or can we safely
assume that a SMTP client tries both records (when the first tried does
a defer) or that it tries at least the same record for the second
attempt first?

I'll explain a bit further: If a delivery attempt was made on A, but it
was deferred there for greylisting purposes, and it was later (instead
of directly) tried on B instead because it does have the same (highest)
priority, then for greylisting to work (at least not by delaying twice
as long) B should know abbout the attempt with A...?
If the delivery is always first retried on the same host that the defer
came from, or when both hosts are tried at the same time then it
shouldn't matter.

It is possible of course to create a replicated (master-master) mysql
database for this "shared memory", or to disable greylisting if one of
the servers/the database is down... but it's less desirable to create
this kind of dependancies I suppose.

I found funny differences between postfix, sendmail and exim in its
behaviour on equal priority MX-es. Exim always seem to try both records
so there I would be safe without shared memory. (It even tries with both
IPv4 and IPv6 for a single host in one run.) Postfix sometimes tries one
delivery, sometimes two; when it uses one it seems to take the one from
the previous attempt, with two it seems to take random order. Sendmail
always seems to try two, but with unpredictable order (not the last one
first, allthough... so far it always seemed to be the host from the very
first attempt it re-tries first). (And if IPv6 provided an answer no new
IPv4 attempt is made on the same host with both sendmail and postfix.)

Anyway: with all these MTA's greylisting should work without shared
memory...
Curious what other people think of this.

BTW; I think I wouldn't dare yet to use greylisting for all mail, but
maybe I do for hosts that show up in an RBL...

Paul

P.S. In theory one could maybe polish out (at least for quite a few
messages) one of the disadvantages with greylisting: the delay... if the
attempt was made on A, and within a minute / "immediately" on B, then
it's probably a proper MTA that tries both MX-records... we need a
shared database then after all :-)