On 2007-06-18 02:27:48 +0100, Sabahattin Gucukoglu wrote: > However, in environments where clustering, proxying, load balancing or > gatewaying are used to share the load of distributing mail from an > identical source, greylisting will delay mail for longer than is necessary > if multiple attempts happen to be made by different hosts in a cluster. > If there are enough hosts sending mail, and depending on the greylisting > timeouts and the queueing timeouts set at recipient and sender of the mail > respectively, and supposing every host that tries is uniquely chosen, it > might even be possible that mail will fail to be delivered in the time the > sender decides mail can wait for delivery in a queue. The mail will then > be returned to the sender as undeliverable for a transient reason, which > most greylisting implementations obfuscate as general system faults. > (Although it seems that this problem is already known well enough, no-one > seems to have noticed any such returned mail and plenty of people are > using greylisting now.)
When we started to use greylisting in 2003 we noticed this problem
almost immediately, because one of the largest ISPs in Austria was using
such a load-balancing cluster at the time.
Since the use of such clusters is relatively rare (right now gmail is
only one I can think of off the top of my head), it is often possible to
simply whitelist those ip ranges where you notice the problem.
> There's no way for me to experiment with this idea easily without writing
> my own MTA (something I was thinking of doing anyway, also mostly in Tcl,
> as it happens), as Sendmail, my current choice, can't possibly be extended
> without pretty heavy patching.
If you know Perl you might want to take a look at qpsmtpd, which lets
you write small plugins in Perl which can modify just about anything in
an SMTP transaction.
hp
--
_ | Peter J. Holzer | I know I'd be respectful of a pirate
|_|_) | Sysadmin WSR | with an emu on his shoulder.
| | | [EMAIL PROTECTED] |
__/ | http://www.hjp.at/ | -- Sam in "Freefall"
signature.asc
Description: Digital signature
