[nzlug] (OT) Sorbs etc, was Exim: Limiting outgoing connections
on Debian
Cliff Pratt
enkidu at cliffp.com
Wed Oct 11 09:37:44 NZDT 2006
Shane wrote:
> On Tuesday 10 October 2006 23:30, Simon Lyall wrote:
>> Greylisting like other other forms of spam filtering has false positives.
>> People using it should be aware that activating it may result in legitimate
>> emailing being:
>>
>> a. Delayed
>> b. Being returned to the sender with an error
>> c. Being lost with no error being generated to sender or receiver.
>>
>> Like other forms of spam filtering people may decide that these downsides
>> are outweighed by the upsides. However they should remember:
>>
>> a. The above downsides *do* exist.
>> b. Greylisting imposes load on the mail servers of senders.
>> c. Greylisting is fairly simple for Spammers to beat and they will beat it
>> when it becomes worthwhile.
>
> And I have in this mornings mailbox an example of the trouble some types of
> grey listing will cause. A spammer has been using my "domain" as his for
> posting spam.
> ie khgurh at weasel.is-a-geek.net
> Someone has dropped me a mail this morning <auto-generated>, asking me to
> confirm I am that person, adding to *my* spam load
> Spammer 2 Greylister 0 Innocent Party (me) -1
>
Greylisting is using the 'temporary delivery failure' facility in the
mail protocols to force a sending SMTP to retry sending by a 'temporary
delivery failure' mail status code. If the sender is set up correctly
this will cause the sender to try again a little later. This time the
receiving SMTP server will accept the mail.
Unfortunately there are many servers where the retry rule has been
tweaked (legitimately) and if, as is common, the receiver will require a
retry within a certain period, then the sender may not try a second time
within the requisite time period. The second try may then fail and the
sender will keep email on the queue and periodically retry for five days
(or whatever the timeout is set to) and eventually it will bounce to
the sender.
Meantime the user thinks that the mail has gone through. If the
recipient knows that the mail is coming through and tells the sender (by
phone) that it hasn't then the sender is likely to keep resending the
same email time and time again.
At the end of five days the email gets returned to the sender as
undeliverable. The usual user response is a) to send the message again,
usually several times, b) complain to the mail admin, who can't do anything!
The usual result of greylisting is lots of retries to a single server,
lots of duplicate emails by user action, failure to deliver most mail to
that server, and general unhappiness all around.
Cheers,
Cliff
More information about the NZLUG
mailing list