On 2025/08/14 11:21, John R Levine via mailop wrote:
> On Thu, 14 Aug 2025, Peter N. M. Hansteen wrote:
> > On Thu, Aug 14, 2025 at 08:28:08AM +0100, Stuart Henderson via mailop wrote:
> > > With some implementations it is possible to do this and accept mail from
> > > conforming servers on the first delivery attempt (so not greylist-like
> > > at all really in that sense), so you can do "early talker" (aka pregreet
> > > delay) without the big problem greylisting has with retries from a
> > > sending system that uses multiple exit IPs for retries of the same
> > > email.
> >
> > Yes, the multiple sender IP problem is the main downside of greylisting.
>
> I've found that fuzzing the address to a /24 usually solves the IP address
> problem without many false positives.

Me too, usually. (OpenBSD spamd which Peter is using doesn't allow that though; unless patched it only matches the full /32).

> The more serious issue is that it
> can be a long time until the sender retries which makes users unhappy when
> they're waiting for a password reset or a 2FA code.

There was an issue a few months back where Apple retried from all sorts of addresses, with a delay warning time of, from what I remember, around an hour or so, and a queue expiry of somewhere around 3 hours. Users were not happy.

When that happened, I got rid of the last of my postscreen after-accept checks (which imposed greylisting-like delays on new IPs), and haven't noticed appreciably more junk since then. (I do still do 'normal' greylisting on high scoring mail and haven't had an issue with that).
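
Added example, not part of the original thread and not code from spamd, postscreen or any other project: a minimal greylist that keys on the source network instead of the full address, replayed over constructed retries from several exit IPs to compare /32 matching with /24 matching. The class and function names, the 300-second minimum delay and the 4-hour expiry are assumptions chosen for illustration.

```python
import ipaddress


class Greylist:
    """In-memory greylist keyed on (source network, sender, recipient)."""

    def __init__(self, v4_prefix=32, v6_prefix=128, min_delay=300, expiry=4 * 3600):
        # Prefixes, min_delay and expiry (seconds) are illustrative assumptions.
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.min_delay = min_delay
        self.expiry = expiry
        self.first_seen = {}

    def network(self, ip):
        """Mask the client address down to the configured prefix."""
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{addr}/{self.prefix[addr.version]}", strict=False)
        return str(net)

    def check(self, ip, sender, rcpt, now):
        """Return 'defer' or 'accept' for one delivery attempt at time `now`."""
        key = (self.network(ip), sender.lower(), rcpt.lower())
        first = self.first_seen.get(key)
        if first is None or now - first > self.expiry:
            self.first_seen[key] = now  # new or stale tuple: start the clock
            return "defer"
        return "accept" if now - first >= self.min_delay else "defer"


def replay(greylist, attempts):
    """Run a list of (time, ip, sender, rcpt) attempts through the greylist."""
    return [greylist.check(ip, s, r, t) for t, ip, s, r in attempts]


# Constructed sample: one message retried every 10 minutes from four exit
# IPs, two in each of two /24s (documentation address ranges).
MSG = ("noreply@sender.example", "user@rcpt.example")
ATTEMPTS = [
    (0, "192.0.2.10", *MSG),
    (600, "192.0.2.57", *MSG),       # same /24 as the first attempt
    (1200, "198.51.100.9", *MSG),    # different /24
    (1800, "198.51.100.200", *MSG),  # same /24 as the third attempt
]

if __name__ == "__main__":
    print("/32:", replay(Greylist(), ATTEMPTS))
    print("/24:", replay(Greylist(v4_prefix=24), ATTEMPTS))
```

With /32 matching every retry looks like a new sender and the message is never accepted within this window; with /24 matching the second attempt passes, while a retry from a different /24 still starts a new delay.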