Hello
I believe I have discovered (one opinion) about the failure of MailMax
mailers
in resending email when graylisted. The problem occurs when a mail
server does
not retry after a 451 error. From what it looks like there is no fix for
less than
adequate mailer software accept to whitelist those servers.
*******
Direct SMTP reception also allows greylisting. The technique is simple.
For each
received e-mail, a triplet is built from the sender's IP, the "from"
address and
the destination address, and stored in a database. All mails with
triplets not
having occurred earlier will be blocked temporarily ("451 Try again
later" in
the SMTP dialogue after Rcpt to). When the sender retries the delivery
later on,
the triplet already exists and the mail can pass through. Most viruses
and many
spammers never retry, so greylisting often reduces unwanted mail by
30...80 %,
depending on which other filters are used in addition. Unfortunately,
some buggy
mail systems have problems when sending messages to a greylisting server, so
they may have to be whitelisted:
* Tobit David retries, but immediately sends a warning bounce to the
sender
when the destination server issues a 451. This is quite confusing for
the user
who might think that the mail was rejected.
* Lotus Notes (in some versions) handles the temporary result code
451 as a
final error and bounces the e-mail without ever retrying, ignoring the SMTP
standard (RFC 2821).
* Novell Groupwise 6.0 does the same and does not handle the temporary
failure 451 correctly. This defect has been fixed in the GW 6 SP4 version of
28-Aug-2003.
* Some other less-spread mail systems like Capesoft, ISMail, MailMax and
InterMail have similar problems and do not retry at all after a 451 error.
Typical server retry times
Retry after Servers
0...5 min 33 %
5...20 min 33 %
20..60 min 27 %
1...3 h 5 %
3...12 h 2 %
(Snapshot only, your
results may differ!)
A slightly improved version is "light greylisting" which ignores the lowest
(last) byte of the IP address when building the triplet. This is useful
since
large providers like Web.de run server farms for mail delivery with
different IP
addresses; typically the first three IP bytes will always be the same
for all
servers in one farm. Unfortunately this is not true for AOL or Amazon; a
retry
of the same e-mail often comes from a completely different netblock, but
usually
their third try works at last.
*******
the original post is at (12/2007):
http://www.shamrock-software.eu/spam.htm
best
--
Greg Cirino
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
