
Re: [Asrg] Greylisting BCP

2011-10-20 02:43:54
On 2011-10-18 19:12:18 -0400, Chris Lewis wrote:
On 11-10-18 03:42 PM, Daniel Feenberg wrote:

Where should comments go? I have a question really, though it might be
construed as a comment. Why do greylisters match on the (sender,
recipient, MTA) triple rather than on just the MTA? Isn't it nearly certain
that if an MTA returns for one sender/recipient pair, it will return
for any pair? So that keeping track of all three seems unnecessary and
increases the probability of a message being delayed. What am I missing?

As I understand it, some grey-listing systems match on sender/recipient  
pairs (not MTA) so as to not penalize clustered outbounds that share 
queues.

There's all sorts of 'optimizations'/variations that you can apply for  
different behaviours.

You're right, _just_ the MTA would work just about as well for the main  
use case: bot armies.

I don't think so. If the bot sends one spam from <spam1(_at_)example(_dot_)com>
to <alice(_at_)example(_dot_)net> and some time later (within the greylisting
window) another from <spam2(_at_)example(_dot_)biz> to <bob(_at_)example(_dot_)net>
the second one would get through if you use only the IP address. To
establish that a new MTA is "legitimate" you need to be fairly restrictive.
After that you just need to make sure that it's an MTA you already checked
and the IP address is (usually) sufficient.

There is a danger in specifying the precise details/tuning values of a  
"standardized gray listing" mechanism.  If it's too predictable, you  
could probably come up with a simplistic mechanism for defeating it  
without requiring the complexity of queuing.  "Hybrid vigor" is a good  
thing.

ACK. However, for those who have to deal with greylisting (either on the
sending or receiving side) it's valuable to know what works well and
what doesn't. There's little sense in having everybody going through the
same learning curve. So, a BCP should not define the One True Way of
greylisting but list variants of greylisting as well as different
queueing strategies and discuss their pros and cons.

        hp

-- 
   _  | Peter J. Holzer    | So one could also translate Web 2.0 as
|_|_) | Sysadmin WSR       | "network of small minds".
| |   | hjp(_at_)hjp(_dot_)at         | 
__/   | http://www.hjp.at/ |  -- Oliver Cromm in desd


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
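
The keying choices discussed in this message, as an added example that is not part of the original post: it compares IP-only keys, the full (MTA, sender, recipient) triple, and the scheme described above where the triple is used until an MTA has retried once and the IP address alone afterwards. The mode names, the delay values and the traffic are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300    # assumed: seconds before a retry is accepted
WINDOW = 4 * 3600  # assumed: lifetime of a pending entry, in seconds

@dataclass
class Greylist:
    mode: str                                     # "ip", "triple" or "hybrid" (names are this example's)
    pending: dict = field(default_factory=dict)   # key -> time first seen
    known_mtas: set = field(default_factory=set)  # hybrid: IPs that retried correctly

    def check(self, now, ip, sender, rcpt):
        """Return True to accept, False to answer with a temporary failure."""
        if self.mode == "hybrid" and ip in self.known_mtas:
            return True                           # MTA already proved it queues and retries
        key = ip if self.mode == "ip" else (ip, sender, rcpt)
        first = self.pending.get(key)
        if first is None or now - first > WINDOW:
            self.pending[key] = now               # new or expired entry: start the clock
            return False
        if now - first < MIN_DELAY:
            return False                          # retried too quickly
        if self.mode == "hybrid":
            self.known_mtas.add(ip)
        return True

def run(mode, events):
    """Feed events to a fresh greylist and return the accept/defer decisions."""
    gl = Greylist(mode)
    return [gl.check(*e) for e in events]

# Constructed traffic: (time, client IP, envelope sender, envelope recipient)
BOT = [(0, "192.0.2.10", "spam1@example.com", "alice@example.net"),
       (600, "192.0.2.10", "spam2@example.biz", "bob@example.net")]
MTA = [(0, "192.0.2.20", "carol@example.org", "alice@example.net"),
       (900, "192.0.2.20", "carol@example.org", "alice@example.net"),   # retry
       (1000, "192.0.2.20", "dave@example.org", "bob@example.net")]     # new pair

if __name__ == "__main__":
    for mode in ("ip", "triple", "hybrid"):
        print(f"{mode:7} bot={run(mode, BOT)} mta={run(mode, MTA)}")
```

With IP-only keys the second message from the non-retrying client is accepted, while the triple delays the queuing MTA's second sender/recipient pair; the hybrid mode does neither.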