On Sun, Feb 26, 2006 at 10:29:43PM +0200, Yizhar Hurwitz wrote:
> I would like to share a specific issue that I had with greylisting at
> the sender side:
>
> I manage [...] MS Exchange 2003.
> Some of the recipients that my customers send emails to, are using some
> sort of greylisting (I didn't check which method exactly).

[only half coherent description of problem]

> However - the bottom line was the important emails (important for both
> sender and recipient) were delayed for more than 1 week, without any
> notification to sender nor recipient!

That sounds like an enormous bug in the setup on the exchange side.

> I haven't asked MS [...]
>
> * I assume that this is not a single specific issue but does/will
> probably affect customers in other similar scenarios.

I doubt it. To be blunt - it sounds like an incompetently managed
Exchange server. Sure, some issues like this are likely to be present in
more than one location - dumb admins are everywhere, and not only behind
winders machines.

But that's the whole point. We detect spammers in basically two ways - by
their breaking of RFCs, and by the content of their message. Greylisting
falls in the first category. So, if you're stupid enough to do the
Exchange equivalent of running sendmail without a queue runner, then, yes,
mail to greylisted hosts will not arrive, ever, and you'll be classified
a "spammer" by the greylisting system.

Now I'm not too fond of Exchange, but I do know a little bit about MS
Exchange, and I am positive that a properly configured exchange server
has no trouble dealing with a greylisting mailserver.

Now, all exchange experts I've spoken to, agree that one of the cardinal
mistakes you can make in setting up an exchange server is letting it talk
directly to the internet at large - you should always put it behind a
sendmail (or other unix MTA) box that does the actual mail receiving and
transmitting into the whole bad world for it. (However, those deeply
inundated with M$ will only very reluctantly admit this). It looks like
in your situation you made at least this setup error.

> * My point is that you should also take into account that greylisting
> might cause more severe problems and not only delays of few minutes,
> and this should be added to the "cons" count against greylisting.

I'd say that counts as one of the "cons" of incompetence :)

Temporary failures do happen, occasionally, independent of greylisting.
If your setup cannot handle that, then you have a problem.

> * You can say: "that's a problem of the sending server, not mine (the
> recipient side)".

Indeed it is. The whole world will not compensate for the inadequacies of
a small group of incompetent administrators. Not anymore - the internet
is moving away from that view very fast. We tried it, and it worked
pretty well in the old days, but it stopped working when some
particularly anti-social individuals found out it was sooo easy to abuse
this implicit trust you got everywhere.

> But your customers (end users and management) might argue about
> important emails lost or delayed for days.

That happens too without greylisting...

> The issue I have described should be counted as one of the "cons" against
> it.

I'd rather chalk it up as "FUD", because that is the exact sentiment in
your message.

-- 
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disc lamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please  !!
!! archive this message indefinately to allow verification of the logs.   !!
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
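
The retry behaviour this reply relies on, as an added example that is not part of the original message: a minimal greylisting check keyed on the (client IP, sender, recipient) triplet, run against a sender with and without a retry queue. The 300-second delay, the retry schedule, the addresses and all names are assumptions made for illustration.

```python
"""Added example: greylisting vs. a sender with and without a retry queue.

Simulated clock, no network. The delay, retry schedule and addresses are
constructed for illustration.
"""

GREYLIST_DELAY = 300  # seconds an unknown triplet must wait (assumed value)


class GreylistingServer:
    """Tempfails early attempts for each (client IP, sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # triplet -> time of first attempt

    def rcpt(self, now, client_ip, sender, recipient):
        triplet = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return 451, "4.7.1 Greylisted, please try again later"
        return 250, "2.1.5 Ok"


def send(server, retry_schedule, client_ip, sender, recipient):
    """Attempt delivery at t=0 and then at each offset in retry_schedule.

    Returns (delivered, seconds_until_delivery, attempts). An empty
    schedule models the MTA with no queue runner.
    """
    attempts = 0
    for now in [0, *retry_schedule]:
        attempts += 1
        code, _ = server.rcpt(now, client_ip, sender, recipient)
        if code == 250:
            return True, now, attempts
        if not 400 <= code < 500:
            break  # permanent failure: bounce, do not retry
    return False, None, attempts


if __name__ == "__main__":
    args = ("192.0.2.10", "alice@example.org", "bob@example.net")
    # Queueing sender: retries after 1 min, 10 min, 30 min.
    print(send(GreylistingServer(), [60, 600, 1800], *args))
    # No queue runner: one attempt, then the message is never retried.
    print(send(GreylistingServer(), [], *args))
```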

