ietf-smtp

Re: We need an IETF BCP for GREY LISTING

2011-10-12 09:31:31

+1.

Yes, for some systems, GL seems to have become part of their existing load management (or the other way around). So the retry hint can be (optionally) implemented as part of the server's overall management. That would certainly be something to consider for our own system, which is currently separate. The load management is an inherent part of the C/C++ SMTP receiver, and the greylisting is an add-on p-code component hooked into the DATA state. The scripting language has inherent API access to the SMTP setup, so this would be easy. The C/C++ receiver can read the wcGreyList.INI too, so it's all doable here. Thanks for this reminder. :)

Yes, a simple structured BCP response with keyword (retry: or retry=) to key in on is all that is needed.

Real bad guys will never follow anything, and that is what GL helped protect against. But even if some bad guys adapt to this, so what? As long as they had a normal MTA following SMTP retry recommendations, they will never have an issue anyway. I don't see any downside to this.

Thanks Paul.

--
HLS

Paul Smith wrote:

Having thought about this a bit, I can't see any problem with a BCP or even with the server saying 'try again in 5 minutes' (or whatever).

Yes, you may say that this will help spammers - well, if spammers are able/willing to 'try again in 5 minutes', they will already be doing so, thus getting around greylisting. If they aren't (for whatever reason), then they'll probably also ignore the 'try again in 5 minutes' response.

They obviously know about greylisting, so apparently many have decided not to bother with it for some reason. Why would telling them the retry time make them change their minds about this?

However, the 'try again in 5 minutes' information will help legitimate senders/receivers who want to take advantage of the feature, so it has a definite up-side, and a dubious down-side. As previously mentioned, the 'try again in 5 minutes' response doesn't need to be limited to grey-listing but could be used for load management as well.

It wouldn't even need to be much, just respond

421 4.2.x [retry:300s] connection refused for now. Try again later

it wouldn't interfere with MTAs which don't understand it, and would give a hint to those which do.
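As an added illustration (not code from either poster), here is how a receiving server could emit the hinted 421 reply proposed above and how a sending MTA could parse it, accepting both the "[retry:300s]" and "retry=" spellings mentioned in the thread. The bounds MIN_RETRY/MAX_RETRY and the sample reply lines are assumptions made for this example.

```python
import re

# Hint keyword as proposed in the thread: "retry:300s" (bracketed) or "retry=300".
# Unit suffix is optional; s (default), m and h are accepted.
_HINT = re.compile(r"\bretry\s*[:=]\s*(\d+)\s*([smh]?)\b", re.IGNORECASE)
_UNIT = {"": 1, "s": 1, "m": 60, "h": 3600}

# Assumed bounds: a hint outside this range is ignored and the MTA's own
# retry schedule applies, so a hostile or buggy server cannot stall or
# flood a sender by handing out absurd values.
MIN_RETRY = 60
MAX_RETRY = 24 * 3600


def hint_reply(code, status, seconds, text):
    """Server side: build a transient reply carrying the retry hint.
    MTAs that do not understand the keyword still see an ordinary 4yz reply."""
    return "%d %s [retry:%ds] %s" % (code, status, seconds, text)


def parse_reply(line):
    """Split an SMTP reply line into (reply code, remaining text)."""
    m = re.match(r"^(\d{3})(?:[ -](.*))?$", line.strip())
    if not m:
        raise ValueError("malformed SMTP reply: %r" % line)
    return int(m.group(1)), m.group(2) or ""


def retry_hint(line, default_retry):
    """Client side: seconds to wait before the next delivery attempt.

    Only transient (4yz) replies carry a usable hint.  A missing, malformed
    or out-of-bounds hint falls back to default_retry, so a sender that
    honours the hint and one that ignores it differ only in the delay.
    """
    code, text = parse_reply(line)
    if not 400 <= code <= 499:
        return default_retry
    m = _HINT.search(text)
    if not m:
        return default_retry
    seconds = int(m.group(1)) * _UNIT[m.group(2).lower()]
    if not MIN_RETRY <= seconds <= MAX_RETRY:
        return default_retry
    return seconds


if __name__ == "__main__":
    # Constructed sample: the reply line from the thread, default schedule 15 min.
    reply = hint_reply(421, "4.2.x", 300, "connection refused for now. Try again later")
    print(reply, "->", retry_hint(reply, 900))
```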