[Linux-aus] SPF problems too

[Steve Walsh]

Hello Russell

On 03/02/2016 12:23 AM, Russell Coker wrote:
> Wouldn't it make more sense to have greylisting running on the addresses that
> aren't for subscriber-only lists?  When a list only allows subscribers to post
> it won't benefit from greylisting.

Taking an example transaction from wikipedia (it's on the internet, it 
must be true, right?);

1: 220 smtp.example.com ESMTP Postfix
2: HELO relay.example.org
3: 250 Hello relay.example.org, I am glad to meet you
4: MAIL FROM:<bob at example.org>
5: 250 Ok
6: RCPT TO:<alice at example.com>
7: 250 Ok
8: RCPT TO:<theboss at example.com>
9: 250 Ok
<snip>

At the moment, postgrey kicks in at line 4. Are you suggesting we 
(somehow) reconfigure postgrey to start later in the conversation, say 
around line 6 or 8?

I've spent the last several months trying various modifications on "how 
to make greylist apply to the receiving domain and not the sender 
domain", and have not been able to find a way to make greylisting, a 
sender deferring technology, function at a per-recipient domain level.

Short of writing our own version of the SMTP standard, we're just plain 
stumped on how we can make this happen. Can you perhaps share a link to 
a page with instructions on how to make postgrey wait longer in the 
conversation, and to defer at the recipient domain level, rather than at 
the first identifying stage of the SMTP transaction like it currently does?

Or, alternatively, are you suggesting that LA runs multiple mail servers 
for each type of service we currently consolidate down to one machine, 
such as lists, general mail, RT instances, conferences, etc, and only 
configure greylisting on the instances that really critically need it?

regards


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.org.au/pipermail/linux-aus/attachments/20160302/ece9a3ea/attachment.html>