On 2007-06-18 02:27:48 +0100, Sabahattin Gucukoglu wrote:
> However, in environments where clustering, proxying, load balancing or
> gatewaying are used to share the load of distributing mail from an
> identical source, greylisting will delay mail for longer than is necessary
> if multiple attempts happen to be made by different hosts in a cluster.
> If there are enough hosts sending mail, and depending on the greylisting
> timeouts and the queueing timeouts set at recipient and sender of the mail
> respectively, and supposing every host that tries is uniquely chosen, it
> might even be possible that mail will fail to be delivered in the time the
> sender decides mail can wait for delivery in a queue. The mail will then
> be returned to the sender as undeliverable for a transient reason, which
> most greylisting implementations obfuscate as general system faults.
> (Although it seems that this problem is already known well enough, no-one
> seems to have noticed any such returned mail and plenty of people are
> using greylisting now.)

When we started to use greylisting in 2003 we noticed this problem
almost immediately, because one of the largest ISPs in Austria was using
such a load-balancing cluster at the time.

Since the use of such clusters is relatively rare (right now Gmail is
the only one I can think of off the top of my head), it is often possible
to simply whitelist those IP ranges where you notice the problem.

> There's no way for me to experiment with this idea easily without writing
> my own MTA (something I was thinking of doing anyway, also mostly in Tcl,
> as it happens), as Sendmail, my current choice, can't possibly be extended
> without pretty heavy patching.

If you know Perl you might want to take a look at qpsmtpd, which lets
you write small plugins in Perl which can modify just about anything in
an SMTP transaction.
hp
--
_ | Peter J. Holzer | I know I'd be respectful of a pirate
|_|_) | Sysadmin WSR | with an emu on his shoulder.
| | | hjp(_at_)hjp(_dot_)at |
__/ | http://www.hjp.at/ | -- Sam in "Freefall"
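
The behaviour discussed in this message, as an added example that is not
part of the original mail: a minimal triplet greylist, a sender that
rotates retries across its outbound hosts, and the IP-range whitelist
workaround. The addresses, the 300 s greylist delay, the 30 min retry
interval, the 3 h queue lifetime and the round-robin host choice are all
constructed assumptions.

```python
import ipaddress

class Greylist:
    """Minimal triplet greylist keyed on (client IP, sender, recipient)."""
    def __init__(self, min_delay=300, whitelist=()):
        self.min_delay = min_delay      # seconds before a retry is accepted
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}            # triplet -> time of first attempt

    def check(self, now, client_ip, sender, rcpt):
        """Return True to accept, False for a temporary (4xx) rejection."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return True                 # known sending cluster: not greylisted
        key = (client_ip, sender, rcpt)
        first = self.first_seen.setdefault(key, now)
        return now - first >= self.min_delay

def deliver(greylist, hosts, retry_interval, queue_lifetime):
    """Simulate one message whose retries rotate through `hosts`.

    Returns the acceptance time in seconds, or None if the sender's
    queue lifetime ran out first (the message would bounce)."""
    now, attempt = 0, 0
    while now <= queue_lifetime:
        host = hosts[attempt % len(hosts)]
        if greylist.check(now, host, "alice@sender.example", "bob@rcpt.example"):
            return now
        attempt += 1
        now += retry_interval
    return None

# Constructed sample data: documentation address ranges, not real senders.
SINGLE = ["192.0.2.10"]
CLUSTER = ["198.51.100.%d" % i for i in range(1, 9)]    # 8 outbound hosts

def scenarios(retry=1800, lifetime=3 * 3600):
    wl = Greylist(whitelist=["198.51.100.0/24"])
    return {
        "single": deliver(Greylist(), SINGLE, retry, lifetime),
        "small_cluster": deliver(Greylist(), CLUSTER[:3], retry, lifetime),
        "cluster": deliver(Greylist(), CLUSTER, retry, lifetime),
        "cluster_whitelisted": deliver(wl, CLUSTER, retry, lifetime),
    }

if __name__ == "__main__":
    for name, accepted_at in scenarios().items():
        print(name, accepted_at)
```

With these values the single host gets through on its first retry, the
three-host cluster only when a host repeats, and the eight-host cluster
never does within the queue lifetime unless its range is whitelisted.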