Re: [exim] greylisting

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Dmitry Samersoff
CC: exim users, Ian P. Christian
Subject: Re: [exim] greylisting
On Sat, 2009-06-27 at 19:49 +0400, Dmitry Samersoff wrote:
> David,
>
> David Woodhouse wrote:
> > On Sat, 2009-06-27 at 17:28 +0400, Dmitry Samersoff wrote:
> >> I think SQL for graylist is totally overkill.
> >
> > It's only sqlite -- it doesn't require a separate database server; it's
> > purely within Exim.
>
> It doesn't make it faster and doesn't excuse SQL parser, transactions
> and bunch of other staff not needed in this case.
>
> > You've got to have _some_ kind of database, and this
> > is more efficient than just doing it with text files (as my original
> > implementation did.
>
> sqlite is nice product (good step back to 1994) but people tend to
> consider it as a cure-all-diseases magic pile. We need a record manager
> here but not a database - i.e. Berkeley DB, not sqlite.


True -- it would be nice if we could use Berkeley DB that way from Exim,
but it's read-only.

> >> Check this implementation:
> >> http://www.beastsoft.net/cgi-bin/hg/hgwebdir.cgi/greyd/
> >
> > Ew, Mercurial and C++... not the best first impression.
> >
> > A separate dæmon written in C++ with a 'thread pool' implementation and
> > weird OS 'abstraction' layers to handle signals... that's not overkill?
>
> It's really fast and scalable (actually what it was written for - one of
> mid size ISP asked me for help). Also it couldn't cause email loss -
> i.e. if something goes wrong e-mail just passed in.


Sounds like it's being used too much. Ideally, I believe greylisting
should only be invoked for mails which look suspicious in some way, if
they come from a host which hasn't previously been observed to queue and
retry.

> > You also don't seem to be passing it anything other than $sender_address
> > and $sender_host_address -- and you're even assuming the latter is
> > Legacy IP, afaict.
>
> I'm checking sender host address and sender from address, e.g:
> 209.85.218.168:*@gmail.com


How's it going to cope with what I get on your incoming mail:
    2001:4830:2446:ff00:214:51ff:fe65:c65c:dms@???


> This combination is sufficient enough but not perfect. What else you
> suggest to check?


There is some discussion of that on the wiki page to which I referred.

--
dwmw2