James Wilkinson wrote:
>> You are incorrect on several counts.
>> - The time to delay is configurable in a good greylist milter. Mine is
>> set to 15 minutes since this is pretty much the default retry interval of most MTAs.
> Really? The standard says "The sender MUST delay retrying a particular destination after one attempt has failed. In general, the retry interval SHOULD be at least 30 minutes;" (RFC 2821 section 4.5.4.1)
> Calling half an hour "a while" seems reasonable to me...
> I'd argue that your first sentence is misleading, too -- the delay is a result of the configuration of both sending and receiving MTAs.
Whatever.... It is certainly not 4 hours.....
You need to understand the meaning of "should" vs. "must".
>> - No whitelist maintaining is needed. The sending system either tries
>> again or it doesn't. If it is a legitimate sender, it will retry. Also, when a sender/system is allowed it will be cached. So, even if you have multiple servers from AOL, etc. they will eventually be cached.
> Tony calling it a "whitelist" may be misleading.
> But you are missing a detail here, and confusing "sending system", "computer", and "IP address". For major providers, the sending system may involve lots of computers, with lots of IP addresses. Retries may come from any of those computers -- this is perfectly legitimate under SMTP. So it may take a while (especially if they use an "exponential back-off") before the same server retries the same e-mail. With enough sending IP addresses, it's possible that the e-mail might never be retried from the same IP address.
> There are two ways around this -- either you can (as Tony said) maintain a list of senders which use this sort of system, or hope that the senders put their sending MTAs in no more than a few /24 subnets. You then get the greylist to consider that one sending attempt from 127.36.5.1[1] and a retry from 127.36.5.2 is Good Enough.
I think you have no idea of what you speak.
>> - The email itself will only be handled once. When a server to be delayed
>> first contacts your server the milter will check the cache with the initial information supplied and simply close the connection and not allow the DATA portion to be sent.
> This is true, but possibly not the best response to Tony's post. The *real* point is that although the server has to "think about" the message twice, the first time takes up nearly no bandwidth and nearly no processor time.
Huh?
> But you're missing another point -- the more people use greylisting, the less reliable it becomes (because spammers start retrying on any error). If Tony and I choose not to use greylisting, that makes it more usable for you.
For every point, there is a counterpoint.
All I know is that greylisting or graylisting and SpamAssassin has reduced the amount of spam I get by 95%.
You can choose to do as you wish. I will do as I do and be happy that I get very little spam.
Oh, and BTW, that is not to do stupid things like blanket rejects of upper level domains.
> James.
> [1] Yes, I know there's a slight problem with that IP address!
Ah, yes, well spoken from someone with no idea as to how things work.
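The greylisting mechanics argued over above (a configurable delay before a retry is honoured, caching of triples that do retry, and treating a retry from a sibling MTA in the same /24 as the same sender) as an added example; this is not code from the thread or from any poster's milter. The 15-minute delay comes from the thread; the 4-hour retry window and 36-day cache lifetime are assumed values, and timestamps are plain seconds so the logic can be exercised offline.

```python
"""Minimal greylisting decision logic (added example, not a real milter)."""
import ipaddress
from dataclasses import dataclass, field

DELAY = 15 * 60             # retries sooner than this are still deferred (15 min, as in the thread)
RETRY_WINDOW = 4 * 3600     # assumed: forget a pending triple if no retry arrives within 4 h
CACHE_TTL = 36 * 24 * 3600  # assumed: a proven triple is accepted without delay for 36 days


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)   # triple -> time of first attempt
    accepted: dict = field(default_factory=dict)  # triple -> time last seen

    @staticmethod
    def key(ip, sender, rcpt):
        """Build the (network, sender, recipient) triple the greylist keys on.

        The client address is collapsed to its /24 (or /64 for IPv6) so that a
        retry from another host in the same sending farm matches the first
        attempt, as suggested in the thread.
        """
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, ip, sender, rcpt, now):
        """Return the action for one delivery attempt: 'accept' or 'tempfail'.

        'tempfail' corresponds to a 4xx response before DATA, so the message
        body is never transferred on the first attempt.
        """
        k = self.key(ip, sender, rcpt)
        seen = self.accepted.get(k)
        if seen is not None and now - seen < CACHE_TTL:
            self.accepted[k] = now      # known-good triple: refresh and deliver
            return "accept"
        first = self.pending.get(k)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[k] = now       # new (or stale) triple: ask the client to retry
            return "tempfail"
        if now - first < DELAY:
            return "tempfail"           # retried too soon: keep deferring
        del self.pending[k]             # retry after the delay: cache it and deliver
        self.accepted[k] = now
        return "accept"
```

A real milter would persist both tables and expire them on a timer; here they live in memory so the decision logic can be read in isolation.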