Jeremy Huntwork wrote:
> The basic idea is that whenever a new MTA (one that is not in the
> greylisting database) attempts to deliver mail, the mail is
> automatically rejected. If the MTA is a valid MTA, it will retry to
> deliver the mail after a few minutes.

Assuming the user doesn't get a "your message has been delayed" message from their MTA in the meantime. It's been a while since I looked at the SMTP RFC(s), so I don't know if there's any minimum time (or minimum number of attempts) that have to pass before the user gets notified, but I'm guessing there isn't. If that's true, it would be valid for an MTA to notify the user if the first attempt failed. (Of course I don't know if there *are* any MTAs that work like this, either.) If there are any users on a setup like this, I can see some confusion happening.

Also, the "after a few minutes" may be how most MTAs today work, but I doubt it's required behavior. I would bet that either the retry intervals are completely up to the MTA, or that the RFCs specify a minimum but not a maximum. I would bet that a half-hour retry interval would be "legal".

Finally, I would hope that when the greylisting engine "rejects" a mail, it does so with a temporary-failure code (4xx), not a permanent-failure code (5xx). Otherwise MTAs don't have to retry the messages, and some likely won't. I would assume that something like this has been thought through by the people that implemented the greylisting already, but it might be worthwhile to make sure.

If I remember, I'll try sending a mail "directly" from my IP to my @lfs.org address through telnet, which should get rejected by the greylist, and see what response I get. (Of course I'm on a dynamic IP, too. Hope that doesn't complicate things.)

It sounds like this will reduce spam, yes, but I'm just slightly concerned it will also introduce some user confusion (either due to "your message hasn't been delivered yet" messages or "I sent this an hour ago, and it hasn't been delivered yet!" because their MTA is slow doing retries). But maybe I'm just used to the way people think at work ("if it doesn't work RIGHT NOW, it's not working: call support!").
--
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
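
The greylisting behaviour discussed in this message, as an added example that is not part of the original post and not the list server's actual configuration: a small model of a greylist keyed on the sending MTA's IP, and of a sender that retries on 4xx and bounces on 5xx. The 300-second minimum delay, the reply texts, and all names (`Greylist`, `deliver`, `MIN_DELAY`) are assumptions made for illustration.

```python
"""Constructed greylisting model (illustrative; not the list server's setup)."""
from dataclasses import dataclass, field

MIN_DELAY = 300  # assumed: seconds a new MTA must wait before a retry is accepted
TEMPFAIL = (450, "4.7.1 Greylisted, please try again later")  # assumed reply text
PERMFAIL = (550, "5.7.1 Rejected")  # what a misconfigured greylist would send


@dataclass
class Greylist:
    reject_reply: tuple = TEMPFAIL
    first_seen: dict = field(default_factory=dict)  # client IP -> first attempt time

    def check(self, client_ip: str, now: int) -> tuple:
        """Return the SMTP reply for a delivery attempt from client_ip at time now."""
        seen = self.first_seen.setdefault(client_ip, now)
        if now - seen >= MIN_DELAY:
            return (250, "2.0.0 OK")
        return self.reject_reply


def deliver(greylist: Greylist, client_ip: str, retry_interval: int,
            max_attempts: int = 5) -> tuple:
    """Model a sending MTA: queue and retry on 4xx, bounce on 5xx.

    Returns (outcome, attempts_made, seconds_since_first_attempt).
    """
    now = 0
    for attempt in range(max_attempts):
        now = attempt * retry_interval
        code, _text = greylist.check(client_ip, now)
        if 200 <= code < 300:
            return ("delivered", attempt + 1, now)
        if 500 <= code < 600:
            return ("bounced", attempt + 1, now)
        # 4xx: message stays in the sender's queue until the next retry
    return ("expired", max_attempts, now)


if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range; the addresses are constructed.
    print(deliver(Greylist(), "192.0.2.10", retry_interval=300))
    print(deliver(Greylist(), "192.0.2.11", retry_interval=1800))
    print(deliver(Greylist(reject_reply=PERMFAIL), "192.0.2.12", retry_interval=300))
```

In this model the delivery delay is set by the sender's retry interval rather than by the greylist's minimum delay, and a 5xx reply ends delivery on the first attempt.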