Re: email redirection and the server IP

2005-08-18 09:02:30
On Thu, 18 Aug 2005 08:32:29 -0600 Lloyd Standish
<lloyd(_at_)costa-rica-natural(_dot_)com> wrote:

I have a question about email redirection, as it relates to greylisting.
Is it true that email redirection is generally MTA-level, and that the
original sender IP is passed on by the redirecting computer to the  
destination MTA?  If this were not true, then greylisting would not work  
for redirected mail, since the sender IP would be replaced by the IP of  
the redirecting computer.

-- Lloyd (If emailing me directly, include "Standish" in the message  
subject or body.)

No, that's not how MTA level greylisting works. It goes this way (adding
stuff about redirection):

- send mail from a(_at_)domain1(_dot_)tld to b(_at_)domain2(_dot_)tld
- It gets accepted by the server at domain2.tld
- b(_at_)domain2(_dot_)tld redirects all of his mail to b(_at_)domain3(_dot_)tld
- The MTA at domain2.tld generates a NEW message to b(_at_)domain3(_dot_)tld (or
  accepts a new message generated by procmail etc.)
- It DOES NOT MATTER what the envelope SENDER is set to
- the MTA at domain2.tld connects to the MTA at domain3.tld to send the message
- The MTA at domain3.tld issues a 4xx Service Temporarily Unavailable message
  (usually with text info stating that it is greylisting)
- The MTA at domain2.tld should put the message in the queue and retry
  delivery later.

Most spammers don't retry because when sending thousands of messages per
second the queue from undeliverables could kill a server quickly. Or, they
retry immediately. Greylisting hosts generally require at least a 5 minute
delay before one retries. Retrying before 5 minutes has expired resets the
timer to require another 5 minutes because a sensibly configured MTA has a
logarithmic retry timer that extends the waiting time before trying to send
again after each failed attempt.

The procmail list server greylists with 30 day auto whitelisting of
successful senders. I found this out the other day when I tried to respond
to Michele's post about her auto-responder woes. My post failed for other
reasons (I screwed up my MUA and it inserted the wrong sender address) and
when trying to determine why my post failed to go through I saw the
greylisting headers in my mail logs. This means that if you send an email
to the list server and your MTA IP is not in the whitelist then you get
greylisted with the requisite 5 minute delay. If your MTA behaves properly
and resends after waiting at least 5 minutes then the IP address of that
MTA gets put in a whitelist and is no longer subject to greylisting for the
next 30 days. Every time the list server accepts a new message from that
MTA the 30 day timer is reset. So, if you post at least one message every
29 days you are never greylisted again.

There are (MANY) other possible rules to greylisting and they may depend on
the policy server one uses to handle the greylisting aspect of MTA
management. This is a basic description covering your question. Other
requirements are generally that the exact same message be sent on the
second try and it has to come from the same IP -- certain big ISPs and
corporations have to be whitelisted ahead of time because they use MTA
farms and retries may come from a different IP or have a different message
ID from being regenerated out of a specialized queue management system
(Yahoo and AOL come to mind).

This is my understanding of how greylisting works. I'm doing further
research before choosing a greylisting policy server to implement at
sysmatrix.net. If I've made any obvious blunders someone please point them
out.

G2


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
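
The policy described in the reply above, modelled as an added example (not code from the original post or from any real policy server). It assumes pending attempts are keyed on connecting IP, envelope sender and recipient; the IP addresses and timings are constructed, and the connecting IP for redirected mail is that of the MTA at domain2.tld.

```python
from dataclasses import dataclass, field

MIN_DELAY = 5 * 60           # seconds a sender must wait before a retry is accepted
WHITELIST_TTL = 30 * 86400   # auto-whitelist lifetime, refreshed on every accept
DAY = 86400

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)    # (ip, sender, rcpt) -> clock start
    whitelist: dict = field(default_factory=dict)  # connecting MTA ip -> expiry time

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        if self.whitelist.get(ip, 0) > now:
            self.whitelist[ip] = now + WHITELIST_TTL  # accept resets the 30-day timer
            return 250
        self.whitelist.pop(ip, None)                  # expired or never listed
        key = (ip, sender, rcpt)
        first = self.pending.get(key)
        if first is not None and now - first >= MIN_DELAY:
            del self.pending[key]
            self.whitelist[ip] = now + WHITELIST_TTL  # well-behaved MTA: whitelist its IP
            return 250
        self.pending[key] = now   # first sighting, or early retry: (re)start the clock
        return 450

def demo():
    g = Greylist()
    fwd = "192.0.2.10"     # constructed: MTA at domain2.tld doing the redirect
    farm = "198.51.100.7"  # constructed: a second outbound host of the same sender
    msg = ("a@domain1.tld", "b@domain3.tld")
    return [
        g.check(fwd, *msg, now=0),      # first attempt is deferred
        g.check(fwd, *msg, now=60),     # retried too early, clock restarts
        g.check(fwd, *msg, now=300),    # only 240 s since the restart
        g.check(fwd, *msg, now=600),    # waited long enough, accepted
        g.check(fwd, "x@domain1.tld", "b@domain3.tld", now=700),  # IP is whitelisted
        g.check(farm, *msg, now=800),   # retry from a different IP starts over
        g.check(fwd, *msg, now=700 + 29 * DAY),      # inside 30 days, timer refreshed
        g.check(fwd, *msg, now=700 + 59 * DAY + 1),  # whitelist entry has expired
    ]

if __name__ == "__main__":
    print(demo())
```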