[OT] HELP!!! mail attack

Craig White craigwhite at azapple.com
Wed Mar 26 14:59:20 UTC 2008 

On Thu, 2008-03-27 at 00:58 +1030, Tim wrote:
> On Wed, 2008-03-26 at 06:35 -0700, Craig White wrote:
> > Greylisting has been a very effective tool for me and I have had NO
> > complaints about it at all.
> 
> The problem with thought process is thus:  Admin says, "We don't get any
> complaints."  And the reason for that is that outsiders are unable to
> make any contact to lay a complaint.  It happens all the time, and
> admins are unable to get their head around the issue...
----
again... 3 years, 7 servers tells me that this is not only eminently
workable but an important tool.

YMMV - I'm comfortable with that.
----
> 
> > There's actually a way around it in a crunch...I've put a 5 minute
> > window.
> 
> That's really not a solution.  While your server may say, come back in
> 5, you don't have any control over how, when, or if, the sender will
> actually retry.  And neither do us have any control over how our ISPs
> configure their SMTP servers that we're forced to post through.
> 
> As soon as you implement greylisting, you *WILL* make it completely
> impossible for *some* people to email you.  It's an inescapable fact.
> Trying to guess how much you will lose, and the worth of that loss, is a
> pointless exercise.
> 
> It's not good for business, nor even personal relations.  Some people
> will try to contact you via an alternative method, some will not.  I am
> one of those who puts little effort into contacting someone that makes
> it hard to do so, and I am not alone in that regard.
----
You speak in absolutes but your absolutes choose a window that is
incomplete. It's bad for business to have a server tied up in trying to
run clamav and spamassassin scan a batch of e-mails that 70% would never
reach the queue if you run greylisting.

We are not talking about an insignificant number of computer cycles at
all.

As for making it impossible for *some* people to e-mail accounts on
these servers...I haven't had a single report to that effect, again, 3
years, 7 mail servers.
----
> A case in point, the greylisting response that killed a message I tried
> sending to someone, to whom I had no other way to get in touch with:
> 
>   This message was created automatically by mail delivery software.
>   A message that you sent has not yet been delivered to one or more of its
>   recipients after more than 24 hours on the queue ...[snip]... 
> 
>   The message identifier is:     ...[snip]...
>   The subject of the message is: ...[snip]...
>   The date of the message is:    Sun, 10 Feb 2008 21:49:26 +1030
> 
>   The address to which the message has not yet been delivered is:
> 
>      ...[snip at chariot.net.au]...
>       Delay reason: SMTP error from remote mail server after RCPT TO:...[snip]... at chariot.net.au>:
>       host secmx.vic.chariot.net.au [203.87.83.188]:
>       450 4.7.1 <...[snip]... at chariot.net.au>: Recipient address rejected:
>       Greylisted for 1 minutes
> 
> The message said to try again in 1 minute, it never succeeded.  The
> error message, about it, came to me two days later.  I saw no point in
> trying to send again, the system had tried to resend and failed, by
> itself.  There's nothing I can do to change how it was going to try.
> 
> Taking a day to try and e-mail someone, and being informed two whole
> days after posting that it failed, is just pathetic.  Email should take
> mere seconds, no matter what some dingbats think about it.
----
you are throwing out the baby with the bath water. Just because some
system out there is configured poorly doesn't mean that the underlying
technology isn't sound. 

Craig

More information about the users mailing list