Re: Introducing greylisting on gnome.org

[Aaron <aaron the-escape org>]

A short timeout would lessen the annoyance, but even if the timeout  
is set low, you still have to wait on the mailserver's own resend cycle.

Depending on the service sending the mail in the first place, the  
mail could be sent from several different machines/IPs, one for each  
attempt, and any new mail sent from that same specific service can  
come from a different IP, even if it's the same sender, so it gets  
bounced again.

On Feb 4, 2006, at 3:46 PM, Kevin Kubasik wrote:

> But even if the timeout was set to a minute, you would see an
> incredible reduction in spam, and after the first month or so, we
> would rarely see delays much beyond the backup that some of the
> systems might already experience on a busy day.
>
> -Kevin Kubasik
> On 2/4/06, aaron <aaron the-escape org> wrote:
> > Greylisting is extremely irritating when you are counting on timely
> > delivery of an email. I personally do not have time to wait X minutes
> > for every new ip and sender that tries to send me mail.
> >
> > Tomas Ögren wrote:
> >
> > > Hello.
> > >
> > > While trying to help get mail flowing over at gnome.org, I  
> > > noticed that
> > > gnome.org isn't using greylisting.
> > >
> > > For those who isn't sure what this is about, read
> > > http://en.wikipedia.org/wiki/Greylisting
> > >
> > > > From what I've seen, some people seem to have something against  
> > > > it. Not
> > > sure what though, since you only get a delay for the -first- mail  
> > > with a
> > > certain triple (sender, recipient, sender ip). The rest is let  
> > > through
> > > immediately (after an X minute waiting period for the first mail).
> > > If some mail is lost due to greylisting, that mail could have  
> > > been lost
> > > in regular mail flow as well.
> > >
> > > Using greylisting cuts away lots of virus and a large amount of  
> > > spam as
> > > well. Granted, it does not stop all - but it sure helps.
> > >
> > > Examples on how it worked out for me at two systems:
> > > http://support.cs.umu.se/stats/mail/
> > > http://www.acc.umu.se/~project/mailgraph/
> > >
> > > Check the bottom graphs and guess when we started using greylisting.
> > >
> > > At those systems, we use (just like at gnome.org) postfix with  
> > > amavisd
> > > [sa + clam].. Then we added postgrey..
> > >
> > > Needed changes in postfix was:
> > >
> > > main.cf:
> > > smtpd_restriction_classes = greylist
> > > greylist = check_policy_service inet:127.0.0.1:10026
> > > 127.0.0.1:10026_time_limit = 3600
> > >
> > > smtpd_recipient_restriction =
> > >               ......
> > >               everything like now, but as last entry before the mail
> > >               is supposed to be accepted
> > >               ...
> > >               check_recipient_access hash:$config_directory/ 
> > > access_recipient
> > >
> > >
> > > access_recipient (new file or so):
> > > # example of exception from greylisting
> > > someuser gnome org  DUNNO
> > > # gl the rest
> > > gnome.org      greylist
> > >
> > >
> > > If you want to try on a single user first, don't use the domain
> > > catch-all in access_recipient and put a specific recipient there
> > > instead.
> > >
> > >
> > > mneptok said I should mail this here. Flame him etc ;)
> > >
> > > /Tomas
> >
> > _______________________________________________
> > Gnome-infrastructure mailing list
> > Gnome-infrastructure gnome org
> > http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
>
>
> --
> Cheers,
> Kevin Kubasik
>
> http://kubasik.net/blog