Re: greylisting on debian.org?
martin f krafft <firstname.lastname@example.org> writes:
> Anyway, I'll be interested to hear a summary of their arguments, as
> Christian Perrier requested. I find it hard to imagine how properly
> configured greylisting should cause any problems.
It's a violation of the standard. It is especially problematic,
because it is a violation against the spirit of being liberal in what
you accept, and conservative in what you require.
It assumes, for example, that the remote MTA will use the same IP
address each time it sends the message. If the remote MTA is a big
server farm, with a lot of different hosts that could be processing
the mail, what is your strategy for preventing essentially infinite
So far, all I have seen in response to this particular problem is to
say that "properly configured" includes an exactly accurate hardcoded
list of all such sites on the internet.
Another problem is with hosts that do not accept a message from an MTA
unless that MTA is willing to accept replies. This is a common spam
prevention measure. The graylisting host cannot then send mail to
such sites until they've been whitelisted, because when they try the
reverse connection out, it always gets a 4xx error. I've been bitten
by this one before.