Slightly OT: Greylisting another take

[Thomas Cameron]

On Fri, 2005-02-18 at 12:14 +0100, Alexander Volovics wrote:
> While I can understand that mail server admins choose tools
> like greylisting to battle the spammers the 'innocent bystanders'
> are often caught in the crossfire.
> 
> About 2 years ago my email address 'awol at home.nl' was hijacked by
> spammers (presumably russians or east europeans) working the russian
> market (for all sorts of completely unnecessary home-appliances).
> This lasted about 3 months judging by the bounced mails I received.

If it was just your e-mail address which was hijacked then you have
little about which to worry.  Spam blocking (at least responsible spam
blocking) works on a number of factors - server IP address being an
important one.  If your actual mail server isn't sending spam, you
shouldn't be blocklisted.

> As far as I know there is almost no direct action you can take to
> stop this. And even if you use another email address your IP address
> becomes (black)listed.

Again, your e-mail address doesn't really come into the picture.  The
only way your server's IP address is going to be blocklisted is if it is
sending spam.  If that's the case then you need to fix your server.

> The same happened recently to some other clients of my ISP @home.
> Add to this the fact that some @home clients themselves contributed
> small scale spam before they were stopped.

@home is a residential service provider.  If you want commercial
services (i.e. the ability to run a mail server), you should get
commercial service.

> Of course these activities resulted in a (large) block of @home
> IP addresses becoming SORBS listed, and recently relisted.

That's because @home is infamous for allowing spam from their
residential IP addresses.

> My dynamic IP addresses are in this block which means I can't even send
> any mail to some mail servers 

Darn tooting you can't.  If you want to send mail from your home mail
server, you should send it through the SMTP server provided by your ISP.
Or buy commercial grade bandwidth.

> and that I am greylisted by others
> (like RedHat). Look at the headers of my messages:
> X-RedHat-Blacklist-Warning & X-RedHat-Spam-Score.

Greylisting has nothing to do with RBLs.  Greylisting involves my server
asking your server to wait a few minutes and re-transmit.  Once your
server has done that, it is added to the list of acceptable senders.

> This can result in substantial delays of my messages getting to the list
> and then often not being read when mail is date sorted because of the
> wrong date.

Nope.  Greylisting does not do that.

> Here is an example from my Mail Log:
>  host mx3.redhat.com[66.187.233.32] said: 451 4.7.1 greylisted
>  for 30 minutes and 0 seconds. (in reply to end of DATA command)

Once you post to the list and your server re-sends, you are added to the
acceptable senders list.  You should only see this delay once before you
are added.

> The actual delay is often *much* longer than 30 minutes due
> to all kinds of imponderables.

You should revisit the SMTP specifications.  It should *not* be
considered instant messaging.  It is a store-and-forward protocol,
designed to deal with the delays inherent in public networks.

> I hope you can understand that I am not enamored of greylisting.

I couldn't be happier with it.  On my tiny little mail server (less than
a dozen users), it stops several THOUSAND spams a day.   If it weren't
for greylisting and SpamAssassin, my e-mail would be completely
unusable.  It is absolutely worth the small delay for the first message
that someone sends me.

Thomas