Re: greylisting on debian.org?

[Andreas Metzler <ametzler@downhill.at.eu.org>]

Martijn van Oosterhout <kleptog@gmail.com> wrote:
[...]
> The point was about mailers sending mail to debian. If they receive a
> 4xx they have to queue the mail and retry later. It's cheap for
> debian, but expensive for everyone else.

> A far more reasonable solution is to only greylist mail with an
> unreasonably high spamassassin score. Normal mail I assume generally
> doesn't score high and is not susceptable to greylisting.

Greylisting after DATA sounds like a bad idea to me:

1. The bandwith has already been wasted.
2. The bandwith will be wasted again if the host retries
3. spamassassin is a performance hog, and you'll need to rerun it when
the host retries.

*If* you want to be picky about greylisting use something *cheap*,
e.g.
- greylist only hosts listed on a DNS blacklist.
- Don't greylist on host/sender/receipient triples but check
  network/sender/receipient. And possibly combine this with *not*
  greylisting _any_ sender/receipient tuple iff $host already passed
  greylisting for another sender/receipient tuple. (We already know
  the host to do proper retries, no use in greylisting again.)

> Not that I mind, the amount of spam received via this mailing list is
> so marginal I can hardly imagine people worrying about it.

We are not (only) talking about lists.d.o. primarly but the
developer@debian.org addresses. /These/ gather loads of spam.

cu andreas

-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde