[Greylist-users] Up and running on the real server - and I

Dennis Wynne DWYNNE at equinoxis.com
Wed Feb 15 12:15:00 PST 2006


Thanks for the replies, Walter and Bill !

Looks like I will be turning the wait time down much lower.


I should have explained my doublet-triplet idea better. What I was thinking 
is - once a triplet has passed the timeout check and had mail allowed 
through on that triplet, THEN allow that sender to send to any of my users 
from the same IP with the same From: ID.  If I just save the from and IP 
then I could get fooled easily by a SPAMmer, but if I make sure that a valid 
triplet exists THEN allow the doublet to work.  It may not be a great idea 
anyway, since it would involve an extra database query or two. You would 
check for an exact match on this triplet and if that fails then check for a 
PASSED match on the doublet (from and IP)  and if that fails you would temp 
fail it and add it as a triplet to the database.

I will still be looking at some queries, since I will be expected to produce a 
list of orphaned triplets that never passed and never were retried - just 
to make them happy :-)

But turning it way down on the retry time should answer a lot of user 
concerns.

BTW, I was trying to Google up the SMTP RFC to see what the "official" SMTP 
rules are for retry time, delays, etc - but could not find what I was 
looking for. Is this even listed in the specs or maybe suggested?

I just had my first SPAM to me get through the system. It is disappointing, 
but still better than before the new server was in place.

Thanks again,
Dennis


===== Original Message from greylist-users at lists.puremagic.com (Greylisting 
Users and Developers Discuss) at 2/15/06 12:38 pm
>1 minute.
>
>Your suggestion sounds dodgy because you will allow spam from spammers
>who send to more than one user at your site (which spammers often do).
>
>There is a way to do what you're suggesting, which is what I already do.
>My system allows mail from any host/sender where there is a
>host/sender/recipient triple which has verified itself (i.e. where there
>has previously been a full triple match). So if a spammer writes to Bob
>and then to Jim, both messages get deferred. If a legit sender writes to
>Bob, and then later to Bob and Jim, both Bob and Jim will both get the
>second message *at the same time*.
>
>Experience says that you *need to be getting this right*, otherwise you
>will get a steady trickle of people coming to you like Jim saying "Yeah,
>Bob got a message from Dave which was addressed to me, but I didn't
>receive it. I only found out when Bob replied to Dave, quoting the
>original message, and copying me. I guessed my e-mail was broken, so I
>got Dave to try to a different e-mail address / try it without the
>attachments. Is my e-mail broken? Have we stopped accepting attachments?
>Has the server gone down? When's it going to be fixed? All these
>problems - can't you even get e-mail right?".
>
>My system does not use Evan's Sendmail-based greylisting stuff - it is a
>complete re-write originally designed to plug into Exim4 (although the
>programmatic interface is generic and could plug into any MTA).
>
>> 3) Does anyone use a bypass method when an e-mail just "has to get
>> through" ? Say a customer has a mail server that never retries, or
>> does not retry for 4 hours and I NEED to let an e-mail through. Should
>> I configure a non-published username that I could let bypass
>> relaydelay and have the mail get through? I know some systems have a
>> "password" you can put in the subject line to bypass their SPAM
>> filters - but that would not work with the greylist.
>
>If your greylister is hooked in to Exim4, then configuring this is easy;
>you just put a condition on your ACL to not greylist when a recipient
>appears in a given table. If you're using Sendmail, well, sorry, I threw
>that out years ago and never once regretted it for a second.
>
>> 4) Does anyone have any reporting scripts that they can share? My
>> users would like me to give them a report of any mail that was seen,
>> but not passed (no retries in the allowed time) so they can see if
>> they missed anything.
>
>If you've configured it with the double/triple allower, and a nice short
>retry then your users should get used to it pretty quickly, and will get
>on with what they're supposed to be doing rather than worrying about
>where their e-mail is.
>
>Bill
>--
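
The lookup order discussed in this thread (exact triplet first, then a sender/IP doublet that counts only when a passed triplet already exists, otherwise temp-fail and record), together with the orphaned-triplet report, as an added example that is not code from either poster's system. The SQLite schema, function names, 60-second delay and sample addresses are assumptions.

```python
import sqlite3

DELAY = 60  # seconds; assumed, matching the "1 minute" in the quoted reply

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE triplets (
        ip TEXT, sender TEXT, rcpt TEXT,
        first_seen INTEGER, attempts INTEGER, passed INTEGER,
        PRIMARY KEY (ip, sender, rcpt))""")
    return db

def check(db, ip, sender, rcpt, now):
    """Return 'accept' or 'tempfail' for one RCPT TO at time `now` (epoch seconds)."""
    key = (ip, sender, rcpt)
    row = db.execute("SELECT first_seen, passed FROM triplets "
                     "WHERE ip=? AND sender=? AND rcpt=?", key).fetchone()
    if row:
        first_seen, passed = row
        # Query 1: exact triplet. It passes once a retry arrives after DELAY.
        ok = bool(passed) or now - first_seen >= DELAY
        db.execute("UPDATE triplets SET attempts=attempts+1, passed=? "
                   "WHERE ip=? AND sender=? AND rcpt=?", (int(ok), *key))
        return "accept" if ok else "tempfail"
    # Query 2: doublet, honoured only if some triplet for this ip+sender PASSED.
    vouched = db.execute("SELECT 1 FROM triplets WHERE ip=? AND sender=? "
                         "AND passed=1", (ip, sender)).fetchone() is not None
    # Record the new triplet either way; it is born passed when vouched for.
    db.execute("INSERT INTO triplets VALUES (?,?,?,?,1,?)", (*key, now, int(vouched)))
    return "accept" if vouched else "tempfail"

def orphans(db):
    """Triplets seen exactly once and never passed: the 'never retried' report."""
    return db.execute("SELECT ip, sender, rcpt FROM triplets WHERE passed=0 "
                      "AND attempts=1 ORDER BY first_seen, rcpt").fetchall()

if __name__ == "__main__":
    db = open_db()
    # Constructed sample traffic (documentation IPs and example domains).
    for t, rcpt in ((0, "bob@example.com"), (90, "bob@example.com"),
                    (100, "jim@example.com")):
        print(t, rcpt, check(db, "192.0.2.10", "dave@example.org", rcpt, t))
    print(check(db, "203.0.113.9", "spam@example.net", "bob@example.com", 0))
    print(orphans(db))
```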