[Greylist-users] Does Greylisting *always* work?
mjd at digitaleveryware.com
Mon Jun 23 16:14:21 PDT 2003
>From the description of greylisting Evan Harris says:
"The best part is that since we never permanently fail a message delivery, as
long as the delivering MTA's are well behaved, we should never cause a
legitimate mail to bounce. There should never be a false positive!"
Thats one of the reasons I implemented greylisting. And I think its pretty
much true, but is is *always* true? Can an MTA that follows all the relevant
RFCs fail when talking to a server implementing greylisting? I think so.
One problem is that greylisting returns a "temporary failure" to the
originating server. Now, we mean this particular message has a temporary
failure, but as far as the server knows it could be the greylisting server is
having a temporary failure for all messages.
If you have a busy "normal" email server that sends a new message from
potentially a different user to to a different user every 20 minutes, each
new message will get "temp failed" since its new and the one hour clock
starts. However, from the point of view of the originating server every
twenty minutes they contact the greylisting server and a message is "temp
failed". If the server includes logic that says "don't bother running the
queue for a server that reported a failure less than 30 minutes ago", then
since the grelisting server always has failed less than twenty minutes ago,
the originating server may decide not to bother processing the queue of
previously failed messages (that would now be ok). Or it might be past the
four hour window by the time it retries a previously tried message.
In this case, although the originating server is following all RFCs, all
messages to the greylisting server may fail. Can this happen? Has anyone seen
it? I may have an example but I'm not sure if this is the problem yet.
If it is a problem, is there an easy way around it? It seems likely to happen
soon after starting a greylisting server since when starting the database is
empty and most messages are "new" and get failed for an hour.
More information about the Greylist-users