Re: greylisting on debian.org?

Wouter Verhelst <wouter@debian.org> wrote:
> On Thu, Jul 13, 2006 at 11:01:09AM -0700, Thomas Bushnell BSG wrote:
>> Ok, now I understand.  As I've already said, graylisting on /27
>> netblocks amounts to inventing new network standards, which I believe
>> should go through the IETF standardization process before we block
>> email from people who don't comply with our newly invented standards.

> Really, I don't understand why you wrote this.

> Greylisting already exists. This would just make it _less_ of a problem.

> By greylisting from /27 netblocks, you wouldn't block any additional
> mail as opposed to greylisting in general; quite to the contrary.

> Greylisting in this manner does not require anything specific from a
> remote host, except that it must follow the standards as defined in
> RFC2821 and come back some time after it received the initial 4xx status
> reply. What part of that is a "newly invented standard"?

The following setup would be in compliance with rfc2821 but would
not be able to deliver mail to a greylisting host:
- retrying every hour for up to five days
- messages are sent out from 120 different IP-addresses all living in
  different /27 netblocks.
- retries do not happen on the same IP. Initial try IP-address #1, 2nd
  try IP-address #2, ... ,120th try IP-address #120

This is an extreme setup, but if the retry strategy is more
complicated, e.g. every hour for 12 hours, then every two hours for
12 hours and every four hours from then on only 42 IP addresses are

If some (broken) caching is involved numbers go down further.

cu andreas
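
The arithmetic in this message, as an added example that is not part of the original post: a Python simulation of a greylist keyed on the client's netblock against a sender that rotates its source IP on every retry. The 30-minute minimum delay, the lack of entry expiry, and the 10.0.x.1 and 192.0.2.x addresses are assumptions of the sketch.

```python
import ipaddress

LIFETIME_H = 5 * 24                        # sender gives up after five days
HOURLY = [(1, None)]                       # (interval_h, duration_h); None = until give-up
BACKOFF = [(1, 12), (2, 12), (4, None)]    # the second schedule in the message

def attempt_times(phases, lifetime_h=LIFETIME_H):
    """Hours (since the first try) at which the sender attempts delivery."""
    times, t = [], 0
    for interval, duration in phases:
        end = lifetime_h if duration is None else min(t + duration, lifetime_h)
        while t < end:
            times.append(t)
            t += interval
    return times

class Greylist:
    """Greylist keyed on the client's netblock (assumed: 30 min delay, no expiry)."""
    def __init__(self, prefix_len, min_delay_h=0.5):
        self.prefix_len, self.min_delay_h = prefix_len, min_delay_h
        self.first_seen = {}

    def check(self, ip, now_h):
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        first = self.first_seen.setdefault(net, now_h)   # unknown block: 4xx
        return now_h - first >= self.min_delay_h         # True = accept

def deliver(greylist, pool, times):
    """Rotate through pool, one IP per try; return 1-based accepted try or None."""
    for n, t in enumerate(times):
        if greylist.check(pool[n % len(pool)], t):
            return n + 1
    return None

def spread_pool(n):      # constructed: n IPs, each in a different /27
    return [f"10.0.{i}.1" for i in range(n)]

def shared_pool(n):      # constructed: n IPs inside 192.0.2.0/27 (n <= 30)
    return [f"192.0.2.{i + 1}" for i in range(n)]

if __name__ == "__main__":
    for name, phases in (("hourly", HOURLY), ("backoff", BACKOFF)):
        times = attempt_times(phases)
        need = len(times)      # pool size at which no netblock is ever reused
        print(name, need, deliver(Greylist(27), spread_pool(need), times),
              deliver(Greylist(27), spread_pool(need - 1), times))
    print(deliver(Greylist(27), shared_pool(30), attempt_times(HOURLY)),
          deliver(Greylist(32), shared_pool(30), attempt_times(HOURLY)))
```

With one address fewer than the number of attempts, the last retry reuses the first netblock and is accepted; a pool that sits inside a single /27 passes on the second try under /27 keying but only on the 31st under per-IP keying.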

