better blocking at MTA level (off-topic)
Koopmann, Jan-Peter
jan-peter at koopmann.eu
Sat May 26 14:04:23 IST 2007
On Saturday, May 26, 2007 10:17 AM "Koopmann, Jan-Peter"
<jan-peter at koopmann.eu> wrote:
> The problem with greylisting as we found when we enabled it was that
> some MTAs treat a temporary reject code (450) as a permanent reject
> code (550) and our customer was complaining that they weren't getting
> email.
I fully agree. As someone else mentioned a 451 might give better
results.
> source getting blocked and not getting through to them. Until we can
> resolve the problem without telling our customer to tell anyone
> emailing them with problems to get their MTA fixed it unfortunately
> has to be off...
Just the same problem as I am having enforcing all the other rules.
Again: I feel with you.
> It did vastly reduce the load on our server whilst
> greylisting was active though.
Still seems to be quite effective but I suppose more and more botnets
will circumvent greylisting. Some already are.
> The hit of the first email being delayed for the 5 minutes we
> initially chose was insignificant and no-one would really notice...
Attention: Just because you choose 5 minutes does not mean there will be
a 5 minute delay. Most MTAs I know (at least old Exchange installations
and yes there are dumb people out there using Exchange as the only MTA!)
use a 15 minute retry cycle. This results in at least 15 minutes delay
if not more. And we have several clients not liking that idea. :-(
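
The two effects discussed in this message, as an added example that is not part of the original post and is not code from MailScanner or any MTA: a minimal greylisting model in which the real delay is set by the sender's retry interval rather than the configured window, and a sender that treats a 4xx reply as permanent never delivers. The class and function names, the triplet key, and the sample addresses are assumptions made for illustration.

```python
# Added illustration (constructed model, not MailScanner or any MTA's code).
GREYLIST_WINDOW = 5 * 60  # seconds; the 5 minutes chosen in the thread


class Greylist:
    """Hypothetical greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, window=GREYLIST_WINDOW):
        self.window = window
        self.first_seen = {}  # triplet -> time of first attempt (seconds)

    def check(self, triplet, now):
        """Return the SMTP reply code for a delivery attempt at time `now`."""
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.window:
            return 250  # window has elapsed: accept
        return 451      # temporary failure: a correct sender retries later


def delivery_delay(greylist, triplet, retry_interval,
                   treats_4xx_as_permanent=False, max_attempts=10):
    """Simulate one sender; return seconds until acceptance, or None if lost."""
    now = 0
    for _ in range(max_attempts):
        if greylist.check(triplet, now) == 250:
            return now
        if treats_4xx_as_permanent:
            return None  # broken MTA bounces on the first 4xx and never retries
        now += retry_interval
    return None


# Constructed sample triplet (documentation address range and example domains).
SAMPLE_TRIPLET = ("192.0.2.10", "sender@example.org", "rcpt@example.net")

if __name__ == "__main__":
    for label, interval, broken in [
        ("15 min retry cycle", 15 * 60, False),
        ("5 min retry cycle", 5 * 60, False),
        ("2 min retry cycle", 2 * 60, False),
        ("treats 4xx as 5xx", 15 * 60, True),
    ]:
        delay = delivery_delay(Greylist(), SAMPLE_TRIPLET, interval, broken)
        print(f"{label:20s} -> {'lost' if delay is None else f'{delay // 60} min'}")
```
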