[Greylist-users] Greylisting via Exim 4 local_scan harmful?

William Blunn bill--greylist at tao-group.com
Tue Mar 2 04:46:59 PST 2004


I put in a greylisting system for my employer using Exim 4 local_scan.

A few days later I changed it over to using an ACL hook mechanism.

I had a user complain of a message appearing to have been lost during
the period when it was using local_scan.  I checked the logs and indeed
it appears that a message from a large corporation (who shall remain
nameless) has been temporarily rejected, and then appears not to have
been re-tried.

I am suspecting that the problem is that the message has been
temporarily rejected at the end of the DATA section, but the remote
mailer has ignored the reply and assumed successful delivery.  This
would lead to a message being "blackholed" which is a very confusing
and problematic problem case.

The system I put in later does not use local_scan and instead works
through an ACL hook and therefore (temporarily) rejects the message
at RCPT time, instead of at the end of the DATA.

As I understand it, this situation is handled in a better way by buggy
MTAs.  The more likely bug scenario here is that the remote MTA
incorrectly bounces the message.  Although this behaviour is wrong, at
least the sender will get a bounce and will then start to question the
behaviour.

So my contention is this:

  Greylisting via Exim 4's local_scan function is harmful.
    
  Given that:
  
  (a) it is equally easy to set it up either way
  (b) local_scan gives friction with buggy MTAs but ACL hook doesn't,
  (c) it is impractical to get all buggy MTAs fixed,
  (d) users expect messages to get through, and aren't sympathetic to
      whining,
  
  then the right way to do it is via the ACL hook.

What do you reckon?
  
Bill
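
A log check for the failure described in this message, as an added example that is not part of the original post: it lists greylisting triplets that were temporarily rejected and never accepted afterwards, together with the SMTP stage of the deferral. The pipe-separated record format, the sample records and the function names are assumptions constructed for the example; this is not Exim's own log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time|stage|sender IP|envelope from|envelope to|result
# (a simplified format assumed for this example, not Exim's log format).
SAMPLE_LOG = """\
2004-02-27T09:00:00|RCPT|192.0.2.10|alice@example.org|bob@example.net|defer
2004-02-27T09:20:00|RCPT|192.0.2.10|alice@example.org|bob@example.net|accept
2004-02-27T10:00:00|DATA|198.51.100.7|news@example.com|bob@example.net|defer
2004-02-27T11:00:00|RCPT|203.0.113.5|carol@example.org|dave@example.net|defer
2004-02-27T11:02:00|RCPT|203.0.113.5|carol@example.org|dave@example.net|defer
2004-02-27T11:40:00|RCPT|203.0.113.5|carol@example.org|dave@example.net|accept
2004-03-02T04:00:00|RCPT|192.0.2.44|erin@example.org|bob@example.net|defer
"""


def parse(log_text):
    """Group attempts by greylisting triplet (sender IP, envelope from, envelope to)."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, stage, ip, mail_from, rcpt_to, result = line.strip().split("|")
        key = (ip, mail_from.lower(), rcpt_to.lower())
        attempts[key].append((datetime.fromisoformat(ts), stage, result))
    return attempts


def unretried_deferrals(log_text, now, grace=timedelta(hours=4)):
    """Return triplets that were deferred and never accepted once `grace` has passed."""
    findings = []
    for key, events in parse(log_text).items():
        events.sort()
        if any(result == "accept" for _, _, result in events):
            continue  # the sender retried and the message got through
        last_seen, stage, _ = events[-1]
        if now - last_seen < grace:
            continue  # a well-behaved sender may still be waiting to retry
        findings.append({"triplet": key, "stage": stage,
                         "attempts": len(events), "last_seen": last_seen})
    return findings


if __name__ == "__main__":
    for f in unretried_deferrals(SAMPLE_LOG, now=datetime(2004, 3, 2, 4, 46, 59)):
        print(f["stage"], f["attempts"], *f["triplet"])
```

A finding with `attempts` equal to 1 and stage `DATA` is the pattern worth following up with the sender, since no bounce may ever have been generated.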


