On 15 Aug 2013, at 01:30 , Grant <emailgr...@gmail.com> wrote: >>>>> A few people have told me they received an email error message after >>>>> emailing me. I'm trying to get a copy of one of the error emails, >>>>> but I can't imagine what would cause that besides possibly my >>>>> greylisting. Has greylisting been known to lead to email error >>>>> messages being sent to senders in some instances? >>>> >>>> The sender may receive an error if their server has an unusual >>>> setup. Such servers must be whitelisted in your greylist software. >>> >>> The last sender who told me about the error message was on a >>> comcast.net address. >> >> Comcast (nor any major provider) should be greylisted. Any >> reasonable greylist software should have a setting to whitelist >> well-known mail servers. > > So I'm sure I understand, well-known mail servers should be whitelisted?
No known mailer should ever hit your greylist. Think about it, what is the greylist food? It's not to stop Google or comcast sending you mail. You know those are legitimate mailers and they will retry, so what are you accomplishing? You use a greylist (though I recommend you don't) so try to stem the flow of botnets sending spam. They don't come back and retry, so greylisting is effective. >>> It turns out I'm using postscreen with deep protocol checks: >> >> Postscreen will defer one mail once every 30 days per unique client IP. >> >> If that's not acceptable, turn off postscreen deep protocol checks >> or whitelist known good servers (from domain SPF records?) in the >> postscreen access list. > > The deep protocol checks have eliminated most of the spam from my > inbox so I'd like to keep them in place. Yes, but the key up there is "per unique IP". So, let's say that google has 4,000 mail servers. You could potentially hit all of them. If you are a low-traffic site, you will be deferring google mail all the time, and that may not be good because let's say you need an email and it comes from machine 1, and is retried by machine 211 and then retried by machine 3855. And you defer it every time. > >> Postfix 2.11 (currently in development snapshots) includes a >> wonderful feature to bypass postscreen tests for clients listed in >> dns whitelists, such as list.dnswl.org, greatly reducing unnecessary >> tests. And there was much rejoicing. \O/ -- I WILL NOT SCREAM FOR ICE CREAM Bart chalkboard Ep. AABF03
