John Levine wrote in
<20220106220659(_dot_)70ABD345A0EF(_at_)ary(_dot_)qy>:
|It appears that Steffen Nurpmeso <steffen(_at_)sdaoden(_dot_)eu> said:
|>These rotations surely have an impact on RFC 6647, 5.,
|>
|> 1. Implement greylisting based on a tuple consisting of (IP address,
|> RFC5321.MailFrom, and the first RFC5321.RcptTo).
|>
|>that was not foreseeable to this extent in 2012?
|
|Item 5 in section 5 says:
|
| To accommodate those senders that have clusters of outgoing mail
| servers, greylisting servers MAY track CIDR blocks of a size of
| its own choosing, such as /24, rather than the full IPv4 address.
| (Note, however, that this heuristic will not work for clusters
| having machines on different networks.) A similar grouping
| capability MAY be established based on the domain name of the
| mail server if one can be determined.
|
|Is this the problem you are encountering or something else?
Yes that section from the RFC.
|In my experience, allowing matches within a /24 in IPv4 or a /64
|in IPv6 largely addresses this problem.
|
|>How useful is greylisting on
|>overall and/or on this scale today, and tomorrow?
|
|My small system recently greylisted 21238 sending hosts of which 12745
|retried and 8770 didn't. Once a host retries, it isn't greylisted
|again unless it hasn't sent any mail for over a month. Spot checks
|show that the 40% of hosts that don't retry are almost all spambots,
|so it's useful, but not so much we'd change the protocol.
Below.
|Apropos jck's question, while we might consider revising 6447, this has
|nothing to do with 5321 so replies are directed to the ietf-smtp list.
I was not subscribed there. Now i am (shall this thread
continue).

This is interesting, for example the Firefox browser i use only
can manage one password for all the IETF mailing-lists i am
subscribed to (iirc, many many months, but it tried to auto-fill
a false one now, and i definitely recall having problems with
password auto-fill for mailing-list subscriptions), so
auto-filling the password just does not work.

These are interesting numbers far beyond mine, thank you! (It
surely will increase now that i post on @ietf.org, as always.)

Yes /24, not /8. Really very interesting that /24 is of so much
use even today. Many sites use multiple "deferred" until a retry
is accepted, and your "one month" white listing is also a number
quite large i think.

I find it interesting that such simple greylisting that cannot
even correctly identify a specific message seems so useful still.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
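
An added example, not part of the original message and not code from either poster's system: a minimal greylisting decision that keys on the RFC 6647 tuple, matches the client by /24 (IPv4) or /64 (IPv6) as discussed above, and stops greylisting a network once it has retried until it has been idle for a month. MIN_DELAY, reading "a month" as 30 days, the per-network pass list and all names are assumptions; the addresses are constructed from documentation ranges.

```python
import ipaddress

MIN_DELAY = 300            # assumed: seconds before a retry of a new tuple is accepted
PASS_TTL = 30 * 24 * 3600  # assumed: "a month" of idle time before greylisting again


def net_key(ip):
    """Collapse a client address to its /24 (IPv4) or /64 (IPv6) network."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


class Greylist:
    def __init__(self):
        self.pending = {}  # (network, mail_from, first_rcpt) -> time first seen
        self.passed = {}   # network -> time of last accepted mail

    def check(self, ip, mail_from, first_rcpt, now):
        """Return 'accept' or 'defer' (temporary failure) for one transaction."""
        net = net_key(ip)
        last = self.passed.get(net)
        if last is not None:
            if now - last <= PASS_TTL:
                self.passed[net] = now      # still active: refresh and accept
                return "accept"
            del self.passed[net]            # idle too long: greylist again
        tup = (net, mail_from, first_rcpt)
        first_seen = self.pending.setdefault(tup, now)
        if now - first_seen >= MIN_DELAY:   # a genuine retry, possibly from a
            del self.pending[tup]           # sibling host in the same network
            self.passed[net] = now
            return "accept"
        return "defer"


if __name__ == "__main__":
    g = Greylist()
    # Constructed transactions: (time, client IP, MAIL FROM, first RCPT TO)
    for t, ip, mf, rt in [
        (0, "192.0.2.10", "a@example.org", "b@example.net"),
        (60, "192.0.2.10", "a@example.org", "b@example.net"),
        (600, "192.0.2.77", "a@example.org", "b@example.net"),
        (700, "198.51.100.5", "a@example.org", "b@example.net"),
    ]:
        print(t, ip, g.check(ip, mf, rt, t))
```

Pending tuples are never expired here; a production table would also age out entries that never retry.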