Brian,
I have been running greylisting as part of postscreen since it came out, and was using
greylisting before that upgrade became available in the FreeBSD port tree. The only MTA that
I've had any issues with that required manual intervention was Google. For Google
specifically I have to whitelist their IP space, however Yahoo and others have been
working fine.
The problem with Google is they have a policy of never retrying with the same IP, while
most other providers have a small pool of outbound servers, so given a few messages
you'll get all the outbound servers in your cache. This is where using learning mode
with a large cache timeout pays off. It will pass traffic without enforcing greylisting,
and will use those successes to populate the cache.
Will Gwin
www.N5KH.org
On 10/10/17 6:26 PM, Brian Kantor wrote:
Will,
The problem is that the large email purveyors like AOL, Yahoo, Microsoft, etc,
use large server farms that balance the load between multiple hosts, so
when the mail retries it comes from different IP addresses on every retry.
Microsoft, for example, lists thousands of IP addresses as part of their
email service.
Greylisting by IP address hasn't got a chance of working in that
environment.
Thanks
- Brian
On Tue, Oct 10, 2017 at 06:19:01PM -0500, Will Gwin wrote:
Brian,
Depending on the implementation you're using, you can tune the timers to hold valid
hosts longer and enable learning without taking action for a while.
Will Gwin
www.N5KH.org
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
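
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not postscreen's code: a toy IP-keyed greylist showing why a small sender pool passes after a few retries, why a sender that never reuses an IP never passes, and how a learning period with a long cache timeout fills the cache. The class, timer values and addresses are assumptions constructed for illustration.

```python
from itertools import cycle

class Greylist:
    """Toy IP-keyed greylist (illustrative model, not postscreen's code)."""
    def __init__(self, retry_delay=300, cache_ttl=30 * 86400, learning=False):
        self.retry_delay = retry_delay  # wait before a retry from a new IP passes
        self.cache_ttl = cache_ttl      # how long a passed IP stays cached
        self.learning = learning        # True: accept everything, only record
        self.first_seen = {}            # ip -> time of first attempt
        self.passed_until = {}          # ip -> cache expiry time

    def check(self, ip, now):
        """Return True if a connection from ip at time now is accepted."""
        cached = self.passed_until.get(ip, 0) > now
        waited = now - self.first_seen.setdefault(ip, now) >= self.retry_delay
        if cached or waited or self.learning:
            self.passed_until[ip] = now + self.cache_ttl
            return True
        return False  # temporary deferral; sender is expected to retry

def deliver(gl, pool, start, retry_every=600, max_tries=6):
    """Retry one message from successive pool IPs; return attempts used or None."""
    ips = cycle(pool)
    for n in range(max_tries):
        if gl.check(next(ips), start + n * retry_every):
            return n + 1
    return None

# Constructed sample senders (documentation address ranges).
SMALL_POOL = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
ROTATING = [f"198.51.100.{i}" for i in range(1, 13)]  # never reuses an IP

def scenario_enforcing():
    gl = Greylist()
    first = deliver(gl, SMALL_POOL, start=0)      # passes once an IP repeats
    second = deliver(gl, SMALL_POOL, start=7200)  # pool IP is now cached
    rotating = deliver(gl, ROTATING, start=0)     # every attempt looks new
    return first, second, rotating

def scenario_learning_then_enforcing():
    gl = Greylist(learning=True)
    learned = [deliver(gl, [ip], start=0) for ip in ROTATING]
    gl.learning = False                           # start enforcing
    after = [deliver(gl, [ip], start=86400, max_tries=1) for ip in ROTATING]
    return learned, after

if __name__ == "__main__":
    print(scenario_enforcing())
    print(scenario_learning_then_enforcing())
```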