Re: greylisting on debian.org?
Henrique de Moraes Holschuh <hmh@debian.org> writes:
> You can, for example, use dynamic IP supersets to do the greylisting
> "triplet" match. Now the problem is a matter of creating the supersets in a
> way to not break incoming email from outgoing-SMTP clusters.
Is there a way of doing this which doesn't require you to know in
advance the setup of remote networks and such? Does it scale?
> You can also only graylist sites which match a set of conditions that flag
> them as suspicious. Depending on what conditions you set, you do not have
> the risk of blocking any server farms we would want to talk SMTP to.
You don't have the risk? Are you saying that there is exactly *zero*
risk? Please, if you don't mean that, be more precise.
>> So far, all I have seen in response to this particular problem is to
>> say that "properly configured" includes an exactly accurate hardcoded
>> list of all such sites on the internet.
>
> Then you are hearing differently now.
What ar the "dynamic IP supersets" you speak of, then?
>> Another problem is with hosts that do not accept a message from an MTA
>> unless that MTA is willing to accept replies. This is a common spam
>> prevention measure. The graylisting host cannot then send mail to
>> such sites until they've been whitelisted, because when they try the
>> reverse connection out, it always gets a 4xx error. I've been bitten
>
> Why will the host implementing incoming graylisting *always* get a 4xx error
> on his outgoing message? I am curious.
The other way round.
Reply to: