ietf-smtp
[Top] [All Lists]

Re: Proposal: Using Conservative EHLO Response Parser Behaviour For Tarpitting

2007-06-18 14:39:37
On 2007-06-18 02:27:48 +0100, Sabahattin Gucukoglu wrote:
However, in environments where clustering, proxying, load balancing or 
gatewaying are used to share the load of distributing mail from an 
identical source, greylisting will delay mail for longer than is necessary 
if multiple attempts happen to be made by different hosts in a cluster.   
If there are enough hosts sending mail, and depending on the greylisting 
timeouts and the queueing timeouts set at recipient and sender of the mail 
respectively, and supposing every host that tries is uniquely chosen, it 
might even be possible that mail will fail to be delivered in the time the 
sender decides mail can wait for delivery in a queue.   The mail will then 
be returned to the sender as undeliverable for a transient reason, which 
most greylisting implementations obfuscate as general system faults.  
(Although it seems that this problem is already known well enough, no-one 
seems to have noticed any such returned mail and plenty of people are 
using greylisting now.)

When we started to use greylisting in 2003 we noticed this problem
almost immediately, because one of the largest ISPs in Austria was using
such a load-balancing cluster at the time.

Since the use of such clusters is relatively rare (right now gmail is
only one I can think of off the top of my head), it is often possible to
simply whitelist those ip ranges where you notice the problem.


There's no way for me to experiment with this idea easily without writing 
my own MTA (something I was thinking of doing anyway, also mostly in Tcl, 
as it happens), as Sendmail, my current choice, can't possibly be extended 
without pretty heavy patching.

If you know Perl you might want to take a look at qpsmtpd, which lets
you write small plugins in Perl which can modify just about anything in
an SMTP transaction.

        hp

-- 
   _  | Peter J. Holzer    | I know I'd be respectful of a pirate 
|_|_) | Sysadmin WSR       | with an emu on his shoulder.
| |   | hjp(_at_)hjp(_dot_)at         |
__/   | http://www.hjp.at/ |    -- Sam in "Freefall"

Attachment: signature.asc
Description: Digital signature