
Re: [Asrg] Greylisting BCP

2011-10-20 02:22:55
On 2011-10-18 15:42:24 -0400, Daniel Feenberg wrote:
> On Tue, 18 Oct 2011, Murray S. Kucherawy wrote:
>> After some chatter inside MAAWG and on the ietf-smtp mailing list, I've
>> started an outline for a BCP on the practice of greylisting. The main
>> purpose is to explain what it is, discuss the pros and cons of its
>> variants, and give some recommendations for implementation and
>> configuration for a few example installations and policies.
>>
>> The draft (which is currently only an outline) is here:
>> https://datatracker.ietf.org/doc/draft-kucherawy-greylisting-bcp/
>>
>> Comments welcome.
>
> Where should comments go? I have a question really, though it might be
> construed as a comment. Why do greylisters match on the (sender,
> recipient, MTA) triple rather than on just the MTA? Isn't it nearly
> certain that if an MTA returns for one sender/recipient pair, it will
> return for any pair?

Yes, but how do you determine that the MTA returned for one
sender/recipient pair? For that you need the whole triple. Once you
have established that the MTA does queue, the IP address is sufficient
(this wasn't in Harris' original proposal, but it is a common
optimization).

Actually, the triple (ip address, envelope sender, envelope recipient)
is just an approximation. What greylisting really tries to establish is
whether a particular /message/ is queued. To do that right you would
have to compare the whole message, but that would be expensive. So
greylisting assumes that if there is a second delivery attempt from the same IP
address with the same sender and recipient within a certain time window,
then it is a second delivery attempt for the same message, not an
independent message. We all know that this assumption isn't always true
(and I've occasionally advised users to just send two mails within a few
minutes to get through greylisting) but it's a reasonable heuristic.

There is also an argument for always using the whole triple: It guards
against bots on the same IP address (e.g., an MTA and an infected
workstation behind a common NAT, or a reassigned IP address).

        hp

-- 
   _  | Peter J. Holzer    | So Web 2.0 could also be translated as
|_|_) | Sysadmin WSR       | "network of small minds".
| |   | hjp(_at_)hjp(_dot_)at         | 
__/   | http://www.hjp.at/ |  -- Oliver Cromm in desd
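As an added illustration (not code from this thread or from any real greylisting implementation), here is a minimal greylist decision function showing the (ip, sender, recipient) triple, the retry window, and the "trust the IP once it has retried" optimization, including why that optimization gives up the NAT protection Holzer describes. All addresses, IPs and timings are constructed.

```python
# Constructed greylisting model: a first attempt from an unseen
# (ip, sender, recipient) triple is deferred (SMTP 451); a retry after
# MIN_RETRY seconds but before the record expires is accepted.  With
# trust_ip_after_pass=True, an IP that has completed one retry skips the
# delay for every later triple (the "IP is sufficient" optimization).

MIN_RETRY = 300        # seconds a sender must wait before retrying
RECORD_TTL = 4 * 3600  # how long an unconfirmed triple is remembered

class Greylist:
    def __init__(self, trust_ip_after_pass=False):
        self.pending = {}        # triple -> timestamp of first attempt
        self.known_ips = set()   # IPs that have completed a retry
        self.trust_ip_after_pass = trust_ip_after_pass

    def decide(self, ip, sender, recipient, now):
        """Return 'accept' or 'defer' for one delivery attempt at time `now`."""
        if self.trust_ip_after_pass and ip in self.known_ips:
            return "accept"
        triple = (ip, sender.lower(), recipient.lower())
        first_seen = self.pending.get(triple)
        if first_seen is None or now - first_seen > RECORD_TTL:
            self.pending[triple] = now   # new or expired triple: defer
            return "defer"
        if now - first_seen < MIN_RETRY:
            return "defer"               # retried too quickly, keep waiting
        self.known_ips.add(ip)           # this IP has proven it queues
        del self.pending[triple]
        return "accept"

def nat_scenario(trust_ip):
    """A legitimate MTA and an infected workstation share 192.0.2.10
    (constructed).  Returns the verdict for the bot's single attempt."""
    gl = Greylist(trust_ip_after_pass=trust_ip)
    ip = "192.0.2.10"
    gl.decide(ip, "alice@example.org", "bob@example.net", 0)     # defer
    gl.decide(ip, "alice@example.org", "bob@example.net", 600)   # accept
    # Bot sends once and never retries: deferred only if the whole
    # triple is required, accepted if the IP alone is trusted.
    return gl.decide(ip, "spam@example.com", "bob@example.net", 700)
```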
