[Greylist-users] Too many "false positives" !?!
dragon at dragonskeep.org
Sun Nov 20 14:54:21 PST 2005
I've used the relaydelay-greylisting for both private and business
purposes and I've had excellent results. Yes, I've gotten some
mixed results, for instance that a few companies have misconfigured
their Exchange mailserver and it construes the 45x failures as if
it were a 5xx error. So I had to whitelist them (they didn't want to
hire me :) ) In short, they're non-RFC compliant. There are a few
such beasts out there.
Further, there are a few mail-clusters out there that seem to hand
off emails between each other, resulting in resending the email to
you from different hosts. If you look through the mailing list,
you'll see a few entries regarding Yahoo.com etc. that have to
be whitelisted because of that behavior. I had to whitelist
a few RoadRunner mailservers here in North Carolina.
And yes, one of my German friends has complained that she has had
issues emailing me from her web.de account. T-Online.de, by the
way, seems to work just fine (Mom's on there, so it's important!)
For web.de, I'd like to know their mailservers' IP addresses, too.
And yes, there should be a flurry of servers out there that are just
plain messed up.
According to the list (and to my experience), issuing a
421/4.3.2 tempfail is better than the 451/4.7.1 error.
Try that and see if it helps some
I think it boils down to this:
- Who are your important mailsenders?
- How many of those are misbehaved?
- What's more trouble: emailing their admin-staff to get a list
of mailservers, or informing them of their RFC non-compliance,
or just whitelisting them, or is it more trouble to wade through
all kinds of spam emails?
I'd think that a friendly email to the admins of let's say web.de
should yield in a proper response. (If you don't mind, if you
get the web.de guys list, please let us know what to whitelist)
The only real problem I ever had was a server in Hawaii that insisted
on sender verification. Someone on our mailserver sends an email,
and immediately that server opens a connection back - wich of course
tempfails, but they then result in failing delivery of our email.
Ooops - caught between two different spamtraps - but I figured they're
sincere enough about spam that I can whitelist them immediately.
If there are really that many misbehaving mailservers in good ole
Germany, you might want to consider this:
- customize the errormessage you're sending back, include a link
to a website with instructions and an explanation, as well as a
whitelisted email address
- have the sender notify you through the whitelisted email address.
- Then you know the IP of the sender's mailserver and you could build
the whitelist based on that.
- If you're afraid to get too much spam that way, tell 'em to stick
to a particular Subject-line and filter out all the rest.
On Sun, 20 Nov 2005 13:35:56 +0100, orinoco wrote:
> I'm testing greylisting with postgrey and postfix on my mailserver.
> Within two days I got so many "false positives", 1st rejected by
> greylisting and then the remote MTA does not retry to deliver the
> for hours, for days ... even major providers like web.de do only try
> once and then generate a delivery error.
> That does not correspond with the promises on several wesbites
> almost no false positives from greylisting. Didn't they counter-
> Are there so many non-RFC-compliant MTAs out there? Or what's going
> wrong here?
> It's an underdog job to check for false positives, not to mention
> repairing the communication damage.
> And I can't whitelist all innocent non-RFC-comnpliant MTAs on the
> Additionally some web-mail providers like hotmail hide the
> error message from their customers, generating a delivery failure
> message of their own, if they notify at all.
> disappointed regards
-- The Dragon, dragon at dragonskeep.org on 11/20/2005
More information about the Greylist-users