Re: Greylisting for @debian.org email, please
On Monday 20 June 2005 18:17, Pierre Habouzit <firstname.lastname@example.org> wrote:
> > Do you have any evidence to support yout claim that big mail servers
> > are configured to handle gray-listing servers differently from other
> > mail servers?
> I do. I know personnaly some admins of big MX (not necessarily ISPs,
> french schools/universities in my case) that have a special rule for
> domain that they know practicing greylisting, and that *force* the
> delay to be of 30 to 60 minutes. and they increase that time if their
> queue is big
Do you consider universities to have big mail servers? AFAIK universities
tend to have less than 100,000 accounts with 30,000 being a fairly typical
number. Medium sized at most.
> > My experience from working at big ISPs is that queues can take 60
> > minutes to process because they have many tens of thousands of
> > messages. A queue with more than 50,000 messages will take quite a
> > while to process even if you have a 100baseT full-duplex connection
> > to the Internet.
> well, greylisiting is done before any DATA is sent, and won't charge
> your connection that much. so the BW problem seems quite irrelevant.
> the latency will play a big role though.
My point is that if you have 50,000 full sized messages in the queue it will
take quite some time to go through the queue and be ready for a second pass.
> > > if there is 2 or 3 such MX that relay the mail before it
> > > arrives to its final destination, it can induce 2 to 3 hours delays
> > > (I already saw it) and it's painful.
> > In what situation will you have three such mail servers?
> redirections : my debian account redirects to an adress I have from my
> alumni that is a redirection address garanteed for life that redirects
> to my real account.
> I do that because my alumni provides me really good AV and AS services,
> and all my ingoing mail comes through it. So maybe 3 is a bit
> exagerated, but I think 2 is pretty common.
Two such mail servers would only be common if mail was commonly sent to
@debian.org addresses from big mail servers, and if redirecting Debian mail
to similar big mail servers was also common. I doubt this.
Also you were making claims about two or three multiples of the graylist
delay. In your case at least that is false as you apparently don't plan to
run such graylisting on your own machine.
But redirection to a redirection service should be considered a bad idea.
When mail doesn't arrive then it's another step in tracking down the problem,
and it's another step that can possibly bounce spam to innocent third
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page