[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: greylisting on debian.org?

Henrique de Moraes Holschuh <hmh@debian.org> writes:

> You can, for example, use dynamic IP supersets to do the greylisting
> "triplet" match.  Now the problem is a matter of creating the supersets in a
> way to not break incoming email from outgoing-SMTP clusters.

Is there a way of doing this which doesn't require you to know in
advance the setup of remote networks and such?  Does it scale?

> You can also only graylist sites which match a set of conditions that flag
> them as suspicious.  Depending on what conditions you set, you do not have
> the risk of blocking any server farms we would want to talk SMTP to.

You don't have the risk?  Are you saying that there is exactly *zero*
risk?  Please, if you don't mean that, be more precise.

>> So far, all I have seen in response to this particular problem is to
>> say that "properly configured" includes an exactly accurate hardcoded
>> list of all such sites on the internet.
> Then you are hearing differently now.

What ar the "dynamic IP supersets" you speak of, then?

>> Another problem is with hosts that do not accept a message from an MTA
>> unless that MTA is willing to accept replies.  This is a common spam
>> prevention measure.  The graylisting host cannot then send mail to
>> such sites until they've been whitelisted, because when they try the
>> reverse connection out, it always gets a 4xx error.  I've been bitten
> Why will the host implementing incoming graylisting *always* get a 4xx error
> on his outgoing message?  I am curious.

The other way round.

Reply to: