[Greylist-users] Does Greylisting *always* work?

[David F. Skoll]

On Mon, 23 Jun 2003, martin dempsey wrote:

> In this case, although the originating server is following all RFCs,
> all messages to the greylisting server may fail. Can this happen?
> Has anyone seen it?

Here's a real scenario.  My mail server has two queues.  The regular
queue gets processed every 30 minutes, and the "slow" queue gets
processed every 8 hours.  After a message has been in the regular
queue for five hours without being delivered successfully, it gets
moved to the slow queue.

If my Internet connection is down for a few hours, a lot of messages can
end up in the slow queue.  These messages would never be sent often
enough to make it through the four-hour window.  (Though I'd be inclined
to manually move them all to the regular queue when the Internet connection
came up.)

Another real scenario:  If you have a dynamic IP address at the end of
a DSL line and your address changes often enough, you could see problems.
(This case can be "solved" by demainding DSL customers to relay through
their ISP's server.)

In my original implementation of greylisting, I didn't have a four-hour
expiration, and I didn't take the IP address as part of the relationship.
This stopped about 30% of spam.  I will probably make the more aggressive
approach (time limit + include IP address) optional, because it looks like
it will actually stop a lot more spam.

--
David.