Re: [exim] Greylistd

Pàgina inicial
Delete this message
Reply to this message
Autor: gascione
Data:  
A: exim-users
Assumpte: Re: [exim] Greylistd

Dean Brooks Wrote:
> On Wed, Nov 29, 2006 at 11:05:11AM -0500, gascione wrote:
>
> > All I can tell you is that over the past week we have not received
> any
> > complaints at all for greylisting. I believe that most MTA's will
> try
> > to resend at least once in 5 minutes, at least that is what we are
> > seeing. Since our retry timer is set to 120 seconds the mail seems
> to
> > be flowing fine. All I can tell you is what we see. Just prior to
> > implementation we sent a general email to every single user on our
> > systems telling them what we were doing and asking them to please
> tell
> > us if there were any issues. Aside from normal email issues we have
> not
> > had any complaints from them that are specific to greylisting.
>
> Keep in mind that there *are* sites out there that:
>
> - Dont ever retry at all
> - Retry only once after one hour
> - Retry once only every 24 hours
> - Treat temporary errors as failures
> - etc.
>
> >From my experience, the majority of these misconfigured sites tend to
> be legitimate businesses, usually small or family owned, who haven't
> spent enough money on labor to properly set up their mail servers.
>
> Because of this, you'll probably get a complaint here or there from
> the intended recipient, but it can take a couple of weeks before they
> really notice the problem.
>
> I also think it is a significant mistake to only retain the
> information for 24 hours. If a server is proven to retry, why would
> you continue to greylist? At that point, the *only* thing you are
> accomplishing is delaying email. It is better to leave the
> information in there for 30 to 60 days, in my opinion, if you know the
> server will retry properly.
>
> On the positive side, just make a whitelist and feel free to throw IP
> addresses into it on a whim when you get a complaint. After all,
> whitelisting a server from greylisting does no real harm and just puts
> it back on par for normal SMTP processing.
>
> --
> Dean Brooks
> dean@???
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/


Excellent points, thank you. Graylistd does have a white list feature
and it's easy to work with so with any luck there will not be any
problems.

I guess we are counting on the fact that most servers make a reasonable
attempt to re-deliver the mail. In any event our thinking is that this
is no better than what happens by getting false positive spam
detection, rejections for legitimate servers that don't do RDNS or
happen to be on a black list and shouldn't be there. No system is going
to be perfect. We get mail rejected that is legitimate without
greylisting. Hopefully this won't compound the problem. It sure kicks
the crap out of the SPAM.

I am taking your advice on the retry timeout and changing it to 60
days. The only reason I was concerned was because the db files grow
quite large and they seem to be handled in memory. I didn't want any
reliability problems with the server. But that is not based on real
data, just a prediction.

George Ascione


--
gascione
------------------------------------------------------------------------
gascione's Profile: http://www.exim-users.org/forums/member.php?action=getinfo&userid=112
View this thread: http://www.exim-users.org/forums/showthread.php?threadid=53814