Re: Greylisting for @debian.org email, please

[Wouter Verhelst <wouter@grep.be>]

On Mon, Jun 20, 2005 at 02:03:34PM -0700, Thomas Bushnell BSG wrote:
> Wouter Verhelst <wouter@grep.be> writes:
> 
> > That being said, even if you couldn't do that, there still are ways to
> > avoid the problem: e.g., do graylisting based on the /24 of the sending
> > host, rather than on the /32, and make the delay only valid for five
> > minutes rather than an entire hour. This might still make the delay be
> > quite some time, but it shouldn't take /weeks/, at any rate.
> 
> This assumes that my email hosting is all on one subnet, doesn't it.

No.

> Whoops, that might not be right.  

It most likely isn't.

However, if you have dozens and dozens of mailservers and set them up so
that the mail would come from one mailserver on the first try and
another one on the next try, then I think it's safe to assume your
dozens and dozens of mailservers are set up in the same data center --
or, at least, grouped over a rather small number of data centers (at
least as compared to the number of mailservers you're running), because
you don't want to be continuously bouncing your mail from Tokio to
London to New York and back again. If you do, I wouldn't want to be
paying your bandwidth.

As such, I suspect that even if mail won't originate from the same /24
all the time, chances are pretty high they will for a rather large
portion of the attempts. And in the rare (or not) occasion that they
don't, I still suggested using a 5 minute timeout rather than a 1h one,
which will alleviate the problem even more.

-- 
The amount of time between slipping on the peel and landing on the
pavement is precisely one bananosecond