Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Marco Fretz]

Tonnerre Lombard wrote:
> Salut, Marco,
> 
> On Mon, 20 Oct 2008 14:15:41 +0200, Marco Fretz wrote:
>> What I'm trying to say is: As a mail service provider ("recipient
>> side") you can use greylisting and if there are some buggy mailers
>> out there in the internet (or in your local network) it's not a
>> greylisting problem and it's not your problem. they have to fix there
>> mailer problems ("sender side"). it's not the ISP who has to adapt
>> mail services to buggy customer stuff ^^
> 
> Or maybe you just didn't listen...

...and maybe we should stop discuss this :-)

> 
>   Tonnerre
> 
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Marco,

On Mon, 20 Oct 2008 14:15:41 +0200, Marco Fretz wrote:
> What I'm trying to say is: As a mail service provider ("recipient
> side") you can use greylisting and if there are some buggy mailers
> out there in the internet (or in your local network) it's not a
> greylisting problem and it's not your problem. they have to fix there
> mailer problems ("sender side"). it's not the ISP who has to adapt
> mail services to buggy customer stuff ^^

Or maybe you just didn't listen...

Tonnerre



signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Marco Fretz]

Hi Tonnerre,

You got me wrong :-)

What I'm trying to say is: As a mail service provider ("recipient side")
you can use greylisting and if there are some buggy mailers out there in
the internet (or in your local network) it's not a greylisting problem
and it's not your problem. they have to fix there mailer problems
("sender side"). it's not the ISP who has to adapt mail services to
buggy customer stuff ^^

A mailer script which doesn't support queueing or in other words
RFC-conform MTA operation will cause problems anyway regardless if
greylisting is used or not, other 4xx codes, etc...

maybe my opinion is very radical but I think it's the way it should be.
Of course I know there are exceptions with individual customer
situations, etc.

bests
 Marco

Tonnerre Lombard wrote:
> Salut, Marco,
> 
> On Fri, 17 Oct 2008 15:21:59 +0200, Marco Fretz wrote:
>> Of course I know what you mean. That's the thing every webhoster have
>> to fight with. Last year I was on the Secure Linux Admin Conference in
>> Berlin. There was a workshop how to protect shared hosting
>> webservers...
> 
> I am talking about the recipient side. I don't think it's a safe
> assumption that all scripts _your_ _mail_ _users_ will receive mail
> from are under your control.
> 
>> If I remember correctly the 2nd or 3th step was: prevent the users
>> from using SMTP (or any other port) to the internet and only allow the
>> destination you choose, your mailrelay servers, http proxy, etc.
> 
> That is great, but not everyone does that. In fact the number of
> providers which do that is fairly low. I would do so myself, also for
> the reason that this prevents people owning a web service to spam
> around in a volatile manner, but that's not the point at all.
> 
>> crap customer scripts don't look like a reasonable argument against
>> greylisting to me. though some webhosting customers might send mails
>> with their mailer script to recipients which are not on your mail
>> server and this other mail server maybe is also protected with
>> greylisting, ergo same problem ergo problem not solved...
> 
> For the receiving server, it is.
> 
>> do you see what I mean, now? :) or maybe I didn't fully understand the
>> issue you had.
> 
> No, you don't.
> 
>> but agreed it's always hard to decide if you want "secure" systems or
>> "happy" users.
> 
> That would be true if there was no way around greylisting, but there is.
> 
>   Tonnerre
> 
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Marco Fretz]

Stanislav Sinyagin wrote:
> actually greylisting works pretty well, and the whitelist 
> of exceptions is relatively small (not more than 300 entries as 
> far as I remember). Also if you communicate the value 
> of it to the customers, they tend to agree that having 90% of spam 
> filtered before entering the system is worth waiting for half an hour 
> for email from a new source. 
> 
> It's also a matter of resources: if you don't want or cannot enable 
> greylisting, you have to invest more resources into a more sophisticated 
> mail filtering software. Even if it's available for free, still developing 
> and maintaining your solution might become too expensive.

agreed. maintenance for spamassassin or equal tools is much more time
intensive than setting up and controlling greylisting. though my
experience was that it's not necessary to use a long greylisting time, 5
minutes are usually more than enough to filter out 95% of bad mailers
and usually queue times are 5,10 or 30mins for the first retry so users
don't have to wait more then 5-30 mins at average.

the resource question isn't just about the software, using content
filter tools e.g. spamassassin consumes a lot of CPU and memory and if
you don't have proper hardware it might also result in delays or other
problems...

> 
> so, basically as we discussed it already last week in regards to Skype:
> use the right tools for the right task :-)
> 
> 
> 
> 
> 
> 
> 
> - Original Message 
>> From: Tonnerre Lombard <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED]
>> Cc: swinog@lists.swinog.ch; [EMAIL PROTECTED]
>> Sent: Friday, October 17, 2008 5:27:10 PM
>> Subject: Re: [swinog] RBL's (again) (Was:  Anyone from Green here?)
>>
>> Salut, Per,
>>
>> On Fri, 17 Oct 2008 12:47:48 +0200, Per Jessen wrote:
>>> Another option is to disable greylisting just for that one
>>> mailserver.  
>> This implies that either you know all servers hosting broken scripts
>> (NP-complete I think) or your customers will always communicate
>> problems. Usually they encounter them and rant about it on their
>> Stammtisch and then change provider to someone with one hell of a lot
>> of SPAM.
>>
>> Tonnerre
> 
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Stanislav,

On Fri, 17 Oct 2008 08:42:49 -0700 (PDT), Stanislav Sinyagin wrote:
> actually greylisting works pretty well, and the whitelist 
> of exceptions is relatively small (not more than 300 entries as 
> far as I remember). Also if you communicate the value 
> of it to the customers, they tend to agree that having 90% of spam 
> filtered before entering the system is worth waiting for half an hour 
> for email from a new source. 

They don't care as long as they receive all mails they want to.

> It's also a matter of resources: if you don't want or cannot enable 
> greylisting, you have to invest more resources into a more
> sophisticated mail filtering software. Even if it's available for
> free, still developing and maintaining your solution might become too
> expensive.

I've found a different method to be at least equally time-saving:
rejecting SPAM rather than accepting and deleting it. The basic dialog
looks about like this:

 Out: 220 planck.ngas.ch ESMTP Postfix (2.5.1)
 In:  HELO gurgel.org
 Out: 250 planck.ngas.ch
 In:  MAIL FROM: <[EMAIL PROTECTED]>
 Out: 250 2.1.0 Ok
 In:  RCPT TO: <[EMAIL PROTECTED]>
 Out: 250 2.1.0 Ok
 In:  DATA
 Out: 354 End data with .
 In:  [...]
 In:  .
 Out: 550 Keep your SPAM to yourself.

The scheme doesn't look as great as it works. The end result is that
the spammer learns that the address is not reachable (because permanent
errors are usually received for non-existent addresses) and won't retry
as frequently as for others.

This keeps the level of incoming SPAM really low. In addition, it has
the great advantage that if a sender really happens to fall into the
false positive trap, he will discover it immediately by receiving a
mail from his own mail server saying that the mail could not be
delivered, rather than to notice after days that the other end has
deleted or never read the mail.

Greetings from inside the Grenchenbergtunnel,

Tonnerre



signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Daniele Guazzoni]

...and beside that, is really strange that 90% of the professional spam cleaner 
(I'm talking about services not appliances) extensively use greylisting.

I'm using greylisting (with some self made scripts to auto learn to withe and 
blacklist) since 2 1/2 years and I never missed a single mail.

Someone said that "greylisting is a religion".
No, it's not.
It's just a pretty effective method of keep the spam out.
There are lot of tools, scripts and applications to do that but most of them 
are quite cpu intensive.
98% of the incoming spam is catched by the greylisting engine with almost zero 
cpu, only the remaining 2% need to be analyzed.

And so fair as I am, I also put a notice in the 450 and 554 error code 
explaining why it is delayed or rejected.
That's not true for notorious spammers which will hangs for hours in my tarpit 
(and thus saving some other people from being spammed).
I know that spammers don't cares about logs but I expect a serious mail-admin 
does (at least the non M$ admins) and can react on it.

As long as the internet community does not efficiently fight spam at the source 
I will put my efforts on fighting spam at the destination !
My personal opinion is that no consumer hoster or ISP (xDSL/Docsis) should 
allow their customers to send SMTP directly (beside some exceptions).
Just a matter of keep the mess out of the net.
We all know that most of the spam comes from bot pc which are on residential 
access.
I guess that if every ISP would apply a mandatory SMTP-relay we would have at 
least 70% less spam !

And now I stop before we start another "never ending flame-up" discussion :-)


Stanislav Sinyagin wrote:
> actually greylisting works pretty well, and the whitelist 
> of exceptions is relatively small (not more than 300 entries as 
> far as I remember). Also if you communicate the value 
> of it to the customers, they tend to agree that having 90% of spam 
> filtered before entering the system is worth waiting for half an hour 
> for email from a new source. 
> 
> It's also a matter of resources: if you don't want or cannot enable 
> greylisting, you have to invest more resources into a more sophisticated 
> mail filtering software. Even if it's available for free, still developing 
> and maintaining your solution might become too expensive.
> 
> so, basically as we discussed it already last week in regards to Skype:
> use the right tools for the right task :-)
> 
> 
> 
> 
> 
> 
> 
> - Original Message 
>> From: Tonnerre Lombard <[EMAIL PROTECTED]>
>> To: [EMAIL PROTECTED]
>> Cc: swinog@lists.swinog.ch; [EMAIL PROTECTED]
>> Sent: Friday, October 17, 2008 5:27:10 PM
>> Subject: Re: [swinog] RBL's (again) (Was:  Anyone from Green here?)
>>
>> Salut, Per,
>>
>> On Fri, 17 Oct 2008 12:47:48 +0200, Per Jessen wrote:
>>> Another option is to disable greylisting just for that one
>>> mailserver.  
>> This implies that either you know all servers hosting broken scripts
>> (NP-complete I think) or your customers will always communicate
>> problems. Usually they encounter them and rant about it on their
>> Stammtisch and then change provider to someone with one hell of a lot
>> of SPAM.
>>
>> Tonnerre
> 
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
> 

-- 
This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Michael Naef]

Hi Tonnerre

On Friday 17. October 2008, Tonnerre Lombard wrote:
[..]
> That's illusionary. Most of the time they don't care about the
> one or two customers you at $technically_intelligible_isp
> have.

Did you realize that I'm not talking about greylisting but _real_ 
4xx?

> They care about gmail and hatemail because they are the 
> large ones. Your two customers just don't cover the cost of
> changing the running system.

I had the completly different experience dozens of times. If you 
explain them, that this way they can't be sure (as sure as one 
can be using email) that their mail reaches the recipient, 
they'll change with allmost no exception! don't know about your 
customers and will to explain such problems but if you take your 
time it works quite good.

have fun

Michi
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Per Jessen]

Tonnerre Lombard wrote:

> Salut, Per,
> 
> On Fri, 17 Oct 2008 12:47:48 +0200, Per Jessen wrote:
>> Another option is to disable greylisting just for that one
>> mailserver.
> 
> This implies that either you know all servers hosting broken scripts
> (NP-complete I think) or your customers will always communicate
> problems. Usually they encounter them and rant about it on their
> Stammtisch and then change provider to someone with one hell of a lot
> of SPAM.

Very true - I guess we're fortunate that our customers do tell us about
such problems.  We actively maintain a list of not-to-be-greylisted
servers, plus of course we do auto-whitelisting. 



/Per Jessen, Herrliberg

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Stanislav Sinyagin]

actually greylisting works pretty well, and the whitelist 
of exceptions is relatively small (not more than 300 entries as 
far as I remember). Also if you communicate the value 
of it to the customers, they tend to agree that having 90% of spam 
filtered before entering the system is worth waiting for half an hour 
for email from a new source. 

It's also a matter of resources: if you don't want or cannot enable 
greylisting, you have to invest more resources into a more sophisticated 
mail filtering software. Even if it's available for free, still developing 
and maintaining your solution might become too expensive.

so, basically as we discussed it already last week in regards to Skype:
use the right tools for the right task :-)







- Original Message 
> From: Tonnerre Lombard <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: swinog@lists.swinog.ch; [EMAIL PROTECTED]
> Sent: Friday, October 17, 2008 5:27:10 PM
> Subject: Re: [swinog] RBL's (again) (Was:  Anyone from Green here?)
> 
> Salut, Per,
> 
> On Fri, 17 Oct 2008 12:47:48 +0200, Per Jessen wrote:
> > Another option is to disable greylisting just for that one
> > mailserver.  
> 
> This implies that either you know all servers hosting broken scripts
> (NP-complete I think) or your customers will always communicate
> problems. Usually they encounter them and rant about it on their
> Stammtisch and then change provider to someone with one hell of a lot
> of SPAM.
> 
> Tonnerre

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Michael,

On Fri, 17 Oct 2008 15:40:18 +0200, Michael Naef wrote:
> And that is something a customer with his little online shop 
> will show open ears to you explaining him why to change his 
> mailer script.

That's illusionary. Most of the time they don't care about the one or
two customers you at $technically_intelligible_isp have. They care
about gmail and hatemail because they are the large ones. Your two
customers just don't cover the cost of changing the running system.

Tonnerre



signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Marco,

On Fri, 17 Oct 2008 15:21:59 +0200, Marco Fretz wrote:
> Of course I know what you mean. That's the thing every webhoster have
> to fight with. Last year I was on the Secure Linux Admin Conference in
> Berlin. There was a workshop how to protect shared hosting
> webservers...

I am talking about the recipient side. I don't think it's a safe
assumption that all scripts _your_ _mail_ _users_ will receive mail
from are under your control.

> If I remember correctly the 2nd or 3th step was: prevent the users
> from using SMTP (or any other port) to the internet and only allow the
> destination you choose, your mailrelay servers, http proxy, etc.

That is great, but not everyone does that. In fact the number of
providers which do that is fairly low. I would do so myself, also for
the reason that this prevents people owning a web service to spam
around in a volatile manner, but that's not the point at all.

> crap customer scripts don't look like a reasonable argument against
> greylisting to me. though some webhosting customers might send mails
> with their mailer script to recipients which are not on your mail
> server and this other mail server maybe is also protected with
> greylisting, ergo same problem ergo problem not solved...

For the receiving server, it is.

> do you see what I mean, now? :) or maybe I didn't fully understand the
> issue you had.

No, you don't.

> but agreed it's always hard to decide if you want "secure" systems or
> "happy" users.

That would be true if there was no way around greylisting, but there is.

Tonnerre



signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Per,

On Fri, 17 Oct 2008 12:47:48 +0200, Per Jessen wrote:
> Another option is to disable greylisting just for that one
> mailserver.  

This implies that either you know all servers hosting broken scripts
(NP-complete I think) or your customers will always communicate
problems. Usually they encounter them and rant about it on their
Stammtisch and then change provider to someone with one hell of a lot
of SPAM.

Tonnerre



signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[roger]

> What do you do, when customers are quitting their contracts
> because they think they receive too much spam? Which of the two
> groups will it be for you?
> 
some calls i got in the past.

 " your system is broken i miss some email but on my hatemail account i got 
them. are you not able to fix that ?"
"your server again trashing my email"
"client [EMAIL PROTECTED] cant send email to me, his mail getting back 
to him"
some mentioned to change the provider if i dont get that working.

NEVER heard: "There is spam in my inbox, fix that, on hatemail i dont have 
so much spam, maybe i should change the provider"

sometimes heard:, "i have some small ammount of spam, but its not hard to 
handle. maybe you could do somthing about it."

so see ? if you do something on the system which even rise the posibility of 
one email not deliverable, your on the wrong side. 

another thing is in an company your getting the responsability for getting the 
system working. improove the service. if you now implement systems which 
are preventing the service from working good, its up to the company if they 
COULD blame you for "sabotage" of the mail system... ever thought of that ?
Theoretically of course ;-)

Roger

> CU, Venty
> 
> -- 
> What we're planning here is World Domination!
> 
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
> 


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Marco Fretz]

Michael Naef wrote:
> On Wednesday 15 October 2008, Tonnerre Lombard wrote:
> [..]
>> Not very problematic for the mail server but of course the PHP
>> script does _not_ attempt redelivery. And your users go to
>> gmail, because there they get the mail. Not sure that's
>> desirable for you.
> 
> This whole discussion is pointless. Greylisting is a religion. 
> The believers worship it, the others damn it.
> 
> The realy important point is: Greylisting is a just using a 
> mechanism that should get going when something is goes wrong 
> accepting a message. This mechanics of retransmitting should not 
> only take action with greylisting involved but (and that is the 
> important point) when there appears a real technical problem. 
> And that is something a customer with his little online shop 
> will show open ears to you explaining him why to change his 
> mailer script.

that's exactly what I was trying to say in my last post :-) thank you
Michi...



> 
> have fun
> 
> Michi
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Michael Naef]

On Wednesday 15 October 2008, Tonnerre Lombard wrote:
[..]
> Not very problematic for the mail server but of course the PHP
> script does _not_ attempt redelivery. And your users go to
> gmail, because there they get the mail. Not sure that's
> desirable for you.

This whole discussion is pointless. Greylisting is a religion. 
The believers worship it, the others damn it.

The realy important point is: Greylisting is a just using a 
mechanism that should get going when something is goes wrong 
accepting a message. This mechanics of retransmitting should not 
only take action with greylisting involved but (and that is the 
important point) when there appears a real technical problem. 
And that is something a customer with his little online shop 
will show open ears to you explaining him why to change his 
mailer script.

have fun

Michi
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Marco Fretz]

Tonnerre Lombard wrote:
> Salut, Marco,
> 
> On Thu, 16 Oct 2008 15:22:39 +0200, Marco wrote:
>> fully agreed. thats a bad argument against greylisting. if php scripts
>> or other webserver stuff, like newsletter servers, etc.. use their own
>> MTA which is most likely a fancy carp script, as you said, then its
>> actually not the ISPs problem if a mail won't get delivered.
> 
> Technically, this is perfectly right, and personally I would like to
> see everyone writing such scripts burn in hell. But if your users insist
> on receiving the mail, you will either have to disable greylisting or to
> get a better set of customers.
> 
> This is basically the "collision" between "lazy technicians" coming up
> with "excuses why they're not responsible" and "stupid users who cannot
> do things right". I'm afraid that the purely technical point of view is
> not worth a dime if your users look for alternative providers.
> 
> Do you see what I mean?

Of course I know what you mean. That's the thing every webhoster have to
fight with. Last year I was on the Secure Linux Admin Conference in
Berlin. There was a workshop how to protect shared hosting webservers...

If I remember correctly the 2nd or 3th step was: prevent the users from
using SMTP (or any other port) to the internet and only allow the
destination you choose, your mailrelay servers, http proxy, etc.

Our customers cannot send mails directly, no way. The have to use local
sendmail. Out of 50 of our webhostings there was 1 using such carp
mailer scripts. we forced them to change it because no other good
provider will allow it anyway (of course a lot do so but maybe the
shouldn't :-))

My opinion is still that greylisting is a good thing against spam but
as you said not the only one.

crap customer scripts don't look like a reasonable argument against
greylisting to me. though some webhosting customers might send mails
with their mailer script to recipients which are not on your mail server
and this other mail server maybe is also protected with greylisting,
ergo same problem ergo problem not solved...

do you see what I mean, now? :) or maybe I didn't fully understand the
issue you had.

but agreed it's always hard to decide if you want "secure" systems or
"happy" users. "Der Kunde ist König"? actually he is but not always, we
want to satisfy our customers but we are also responsible that systems
are secure, do what the should do, etc.. if his buggy script or what
ever possibly compromises my systems I usually tell that to our
customers and more often than not they do not cancel any contracts due
to my explanation that we want to have secure systems.

Are you at SwiNOG next week, too? And interesting topic, isn't it? :)


nice weekend,
 Marco












> 
>   Tonnerre
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Per Jessen]

Tonnerre Lombard wrote:

> Salut, Marco,
> 
> On Thu, 16 Oct 2008 15:22:39 +0200, Marco wrote:
>> fully agreed. thats a bad argument against greylisting. if php
>> scripts or other webserver stuff, like newsletter servers, etc.. use
>> their own MTA which is most likely a fancy carp script, as you said,
>> then its actually not the ISPs problem if a mail won't get delivered.
> 
> Technically, this is perfectly right, and personally I would like to
> see everyone writing such scripts burn in hell. But if your users
> insist on receiving the mail, you will either have to disable
> greylisting or to get a better set of customers.

Another option is to disable greylisting just for that one mailserver.  


/Per Jessen, Herrliberg

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Martin,

On Fri, 17 Oct 2008 10:18:31 +0200, Martin Ebnoether wrote:
> What do you do, when customers are quitting their contracts
> because they think they receive too much spam? Which of the two
> groups will it be for you?

You're falsely implying that greylisting is the only way to fight SPAM.
In fact, I don't receive much SPAM at all due to my strategies, none of
which prevent the newsletters people subscribe to.

Tonnerre



signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Martin Ebnoether]

On the Fri, Oct 17, 2008 at 12:06:45AM +0200, Tonnerre Lombard blubbered:

Hallo.

> This is basically the "collision" between "lazy technicians" coming up
> with "excuses why they're not responsible" and "stupid users who cannot
> do things right". I'm afraid that the purely technical point of view is
> not worth a dime if your users look for alternative providers.

What do you do, when customers are quitting their contracts
because they think they receive too much spam? Which of the two
groups will it be for you?

CU, Venty

-- 
What we're planning here is World Domination!

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Marco,

On Thu, 16 Oct 2008 15:22:39 +0200, Marco wrote:
> fully agreed. thats a bad argument against greylisting. if php scripts
> or other webserver stuff, like newsletter servers, etc.. use their own
> MTA which is most likely a fancy carp script, as you said, then its
> actually not the ISPs problem if a mail won't get delivered.

Technically, this is perfectly right, and personally I would like to
see everyone writing such scripts burn in hell. But if your users insist
on receiving the mail, you will either have to disable greylisting or to
get a better set of customers.

This is basically the "collision" between "lazy technicians" coming up
with "excuses why they're not responsible" and "stupid users who cannot
do things right". I'm afraid that the purely technical point of view is
not worth a dime if your users look for alternative providers.

Do you see what I mean?

Tonnerre


signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Daniele,

On Thu, 16 Oct 2008 00:05:38 +0200, Daniele Guazzoni wrote:
> You'd rather blame the lazy programmers who don't cares about RFCs
> and other standards !

I think that blame is for people who don't care about solutions. I care
for my users and their ability to receive the mail they want, as long
as it is reasonable. While I do think that these scripts are broken and
terribly wrong, I have no power over their programmers and cannot make
them change the scripts. I, however, also don't have the authority to
tell my users not to want to receive that newsletter.

So you see, what I am saying is that greylisting prevents users from
receiving these mails, not that these mails are good or correctly sent.
But being a solution oriented provider, this is a clear reason why I
cannot use greylisting.

Tonnerre


signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Marco]

> Don't blame greylisting for this behavior.
>
> Queue-and-retry was an option but it is mandatory since RFC-2821.
>
> The very obsolete RFC-821 stated that "clients should retry".
> In the old RFC-2119 it was explained that "should" means recommended. 
> The actual RFC-2821 states clearly that:
>   - "the SMTP client retains responsibility for delivery of the message"
>   - "the SMTP client is encouraged to try again"
>   - "mail that cannot be transmitted immediately MUST be queued and 
> periodically retried by the sender."
>
> You'd rather blame the lazy programmers who don't cares about RFCs and other 
> standards !
>   
fully agreed. thats a bad argument against greylisting. if php scripts
or other webserver stuff, like newsletter servers, etc.. use their own
MTA which is most likely a fancy carp script, as you said, then its
actually not the ISPs problem if a mail won't get delivered.

we have a lot of webservers with php mailforms, newsletter scripts,
customer carp scripts, etc... smtp port to the internet is blocked from
all servers by local and sector firewalls. they must use the local
sendmail. the local sendmail on each server has a smarthost configured
which is our relay mail server cluster where we're also doing
greylisting. no problem with that at all.

greets from Barcelona
 Marco
> Daniele
>
>
> Tonnerre Lombard wrote:
>   
>> The problem is that your users go to web sites and subscribe their mail
>> addresses to newsletters generated by PHP programmers. As expected, a
>> lot of these try to deliver the mail directly to the destination host
>> from the PHP script using some Pear SMTP crap module, rather than local
>> sendmail. A typical dialog looks about like this:
>>
>>  Out: 220 planck.ngas.ch ESMTP Postfix (2.5.1)
>>  In:  HELO gmail.com
>>  Out: 250 planck.ngas.ch
>>  In:  MAIL FROM: <[EMAIL PROTECTED]>
>>  Out: 250 2.1.0 Ok
>>  In:  RCPT TO: <[EMAIL PROTECTED]>
>>  Out: 450 4.7.0 You are greylisted for 300 seconds
>>  In:  DATA
>>  Out: 554 Error: No valid recipients
>>  In:  From [EMAIL PROTECTED]
>>  Out: 221 2.0.0 error: I can break rules, too. goodbye.
>>
>> Not very problematic for the mail server but of course the PHP script
>> does _not_ attempt redelivery. And your users go to gmail, because
>> there they get the mail. Not sure that's desirable for you.
>>
>> That's the problem I am seeing with Greylisting, and I have discovered
>> that methods like rejecting SPAM after DATA can be way more effective
>> if the SPAM filter databases are sufficiently trained and the RBLs well
>> chosen.
>>
>>  Tonnerre
>>
>>
>> 
>>
>> ___
>> swinog mailing list
>> swinog@lists.swinog.ch
>> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>> 
>
>   

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Daniele Guazzoni]

Don't blame greylisting for this behavior.

Queue-and-retry was an option but it is mandatory since RFC-2821.

The very obsolete RFC-821 stated that "clients should retry".
In the old RFC-2119 it was explained that "should" means recommended. 
The actual RFC-2821 states clearly that:
- "the SMTP client retains responsibility for delivery of the message"
- "the SMTP client is encouraged to try again"
- "mail that cannot be transmitted immediately MUST be queued and 
periodically retried by the sender."

You'd rather blame the lazy programmers who don't cares about RFCs and other 
standards !

Daniele


Tonnerre Lombard wrote:
> The problem is that your users go to web sites and subscribe their mail
> addresses to newsletters generated by PHP programmers. As expected, a
> lot of these try to deliver the mail directly to the destination host
> from the PHP script using some Pear SMTP crap module, rather than local
> sendmail. A typical dialog looks about like this:
> 
>  Out: 220 planck.ngas.ch ESMTP Postfix (2.5.1)
>  In:  HELO gmail.com
>  Out: 250 planck.ngas.ch
>  In:  MAIL FROM: <[EMAIL PROTECTED]>
>  Out: 250 2.1.0 Ok
>  In:  RCPT TO: <[EMAIL PROTECTED]>
>  Out: 450 4.7.0 You are greylisted for 300 seconds
>  In:  DATA
>  Out: 554 Error: No valid recipients
>  In:  From [EMAIL PROTECTED]
>  Out: 221 2.0.0 error: I can break rules, too. goodbye.
> 
> Not very problematic for the mail server but of course the PHP script
> does _not_ attempt redelivery. And your users go to gmail, because
> there they get the mail. Not sure that's desirable for you.
> 
> That's the problem I am seeing with Greylisting, and I have discovered
> that methods like rejecting SPAM after DATA can be way more effective
> if the SPAM filter databases are sufficiently trained and the RBLs well
> chosen.
> 
>   Tonnerre
> 
> 
> 
> 
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

-- 
This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Tonnerre Lombard]

Salut, Marco,

On Wed, 15 Oct 2008 11:01:06 +0200, Marco wrote:
> we made the experience that not greylisting itself is the problem. the
> problem are miss configured mailservers with wrong queue times or
> servers interpreting the greylisting "temp error" code as an "error".

The problem is that your users go to web sites and subscribe their mail
addresses to newsletters generated by PHP programmers. As expected, a
lot of these try to deliver the mail directly to the destination host
from the PHP script using some Pear SMTP crap module, rather than local
sendmail. A typical dialog looks about like this:

 Out: 220 planck.ngas.ch ESMTP Postfix (2.5.1)
 In:  HELO gmail.com
 Out: 250 planck.ngas.ch
 In:  MAIL FROM: <[EMAIL PROTECTED]>
 Out: 250 2.1.0 Ok
 In:  RCPT TO: <[EMAIL PROTECTED]>
 Out: 450 4.7.0 You are greylisted for 300 seconds
 In:  DATA
 Out: 554 Error: No valid recipients
 In:  From [EMAIL PROTECTED]
 Out: 221 2.0.0 error: I can break rules, too. goodbye.

Not very problematic for the mail server but of course the PHP script
does _not_ attempt redelivery. And your users go to gmail, because
there they get the mail. Not sure that's desirable for you.

That's the problem I am seeing with Greylisting, and I have discovered
that methods like rejecting SPAM after DATA can be way more effective
if the SPAM filter databases are sufficiently trained and the RBLs well
chosen.

Tonnerre


signature.asc
Description: PGP signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Beat Siegenthaler]

Daniel Kamm wrote:

> There are times, where the sending MTAs queue size is far to big for  
> the MTA to meet the queue times. I saw such problems multiple times.  
> When graylisting is configured for too short acceptance time, you will  
> have messages, which won't be transmitted.
> 


# How long will the greylist database retain tuples.
timeout 5d

This is the default for the milter-greylist-port in FreeBSD.
Maybe on very heavy loaded servers You have to go back. But even 12hrs
should be big enough for very big queues.
I think this is your idea of "short acceptance time"?
Or are there other parameters I am missing?

For me, the main factor is the greylist time. There is defined, how long
NOT to recieve a mail for a touple.

# How long a client has to wait before we accept
# the messages it retries to send. Here, 1 hour.
# May be overridden by the "-w greylist_delay" command line argument.
greylist 5m

but normally this is not the problem...
(There are still problems with greylist... but there are greater
problems without ;-)

Beat
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Daniel Kamm]

On Oct 15, 2008, at 11:01 AM, Marco wrote:

> we made the experience that not greylisting itself is the problem. the
> problem are miss configured mailservers with wrong queue times or
> servers interpreting the greylisting "temp error" code as an "error".

There are times, where the sending MTAs queue size is far to big for  
the MTA to meet the queue times. I saw such problems multiple times.  
When graylisting is configured for too short acceptance time, you will  
have messages, which won't be transmitted.

My 0.015€.

  - Dan
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Marco]

[EMAIL PROTECTED] wrote:
> Am 11 Sep 2008 um 5:17 hat Stanislav Sinyagin geschrieben:
>
>   
>>> Greylisting only delays mails. Proper spammers just use ISP relays and
>>>   
> how about registering on an page and waiting for the accept email for hours 
> because your ISP do graylisting ?
>
> taking a relax and drink some beers till the server forwards you the expected 
> email will lead to alcoholism ;-)
>   
we made the experience that not greylisting itself is the problem. the
problem are miss configured mailservers with wrong queue times or
servers interpreting the greylisting "temp error" code as an "error".

on your backup mx servers a greylisting time of 2-5 minutes reduced 98%
of incoming spam. our customer didn't notice that. of course it was only
on our backup mx and relay servers. i've to see what effect it has when
we implement if on regular mailservers...

marco
> Roger
>
>
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
>   

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Stanislav Sinyagin]

actually about a year and a half ago there was a new spambot which was 
re-sending the message after a temporary reject. But it did it 
precisely in 4 minutes after the first rejection, 
and never tried again. So, increasing the greylisting timeout to 5 minutes 
has solved the problem :)





- Original Message 
> From: Adrian Senn <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Sent: Thursday, September 11, 2008 9:37:08 PM
> Subject: Re: [swinog] RBL's (again) (Was:  Anyone from Green here?)
> 
> Stanislav Sinyagin schrieb:
> 
> > I don't know anything about proper spammers. Greylisting has reduced the 
> > amount of incoming spam significantly, probably at 90-95%. Of course there 
> > are spambots which play around greylisting, but they aren't yet that widely 
> > used. 
> 
> Agreed.
> 
> For my mail system at business i have at the moment a high amount of 
> blocked mails by greylisting, swinog list and some other RBL lists.
> At the beginning of this week we had a high amount of blocked mails. 
> Reason was probably a new wave of spam bot mails. Without the blocking 
> system our mail gateway wouldn't be able to process the load.
> And no we don't have any complains since months! Nor for the greylisting 
> , nor for the RBL blocking.
> 
> Adrian
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Adrian Senn]

Stanislav Sinyagin schrieb:

> I don't know anything about proper spammers. Greylisting has reduced the 
> amount of incoming spam significantly, probably at 90-95%. Of course there 
> are spambots which play around greylisting, but they aren't yet that widely 
> used. 

Agreed.

For my mail system at business i have at the moment a high amount of 
blocked mails by greylisting, swinog list and some other RBL lists.
At the beginning of this week we had a high amount of blocked mails. 
Reason was probably a new wave of spam bot mails. Without the blocking 
system our mail gateway wouldn't be able to process the load.
And no we don't have any complains since months! Nor for the greylisting 
, nor for the RBL blocking.

Adrian
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Rainer Duffner]

Am 11.09.2008 um 20:28 schrieb [EMAIL PROTECTED]:

> great idea,
> whitelisting every system on the world which sends confirmation  
> email ..
> it will be an big efford for that small country to convince the rest  
> of the world
> ;-)


To be precise:
I use dnsbl.sorbs.net to blacklist all dynamic IPs (and the RBL from  
spamcop, and also the swinog RBL - I would use spamhaus, but they  
blocked us because we make too many requests and we can't afford their  
prices). Then, I use the list on the SWINOG-RBL homepage to whilelist  
all the swiss dynamic IPs (and some other big systems, plus various  
IPs clients requested us to whitelist over the years) - because those  
are the one's that may actually want to relay through our system or  
send us mail legitimately.
senderbase.org helps finding IPs of outbound relays, too.

I don't use greylisting - IMO, it's a system that doesn't work large- 
scale, in a similar way TMDA or other "please reply to this email or  
click on this link"-systems don't work in practise.

To be vaguely on topic - most of our customers have static IPs, and  
it's not a problem to set the PTR to another value.
But we also don't boast 10+ customers, like www.green.ch does -  
maybe they're afraid of having to change 100k PTRs, if they set a  
precedent?
;-)

IT would be so easy - it's just users and customers that make it  
difficult :-)))



Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[roger]

great idea, 
whitelisting every system on the world which sends confirmation email .. 
it will be an big efford for that small country to convince the rest of the 
world 
;-)


> Jeroen Massar schrieb:
> > Marc SCHAEFER wrote:
> > [..]
> >   
> >> I am a heavy users of those RBL lists, they offer quite a bit of
> >> protection (but not as much as you might think, and with
> >> 
> >
> > You should use RBL's only for *scoring*; not for decision making and
> > then directly rejecting based on it.
> >
> >   
> 
> In Switzerland, you can whitelist most of the "known-good" (dynamic) IP 
> address ranges (and important mailservers) quite easily with a mixture 
> of the list provided by the swinog-RBL and some historic data.
> There rest is dealt with a few customer-support tickets.
> That's the beauty of Switzerland - it's so small ;-)
> 
> 
> Rainer
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
> 


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Rainer Duffner]

Jeroen Massar schrieb:
> Marc SCHAEFER wrote:
> [..]
>   
>> I am a heavy users of those RBL lists, they offer quite a bit of
>> protection (but not as much as you might think, and with
>> 
>
> You should use RBL's only for *scoring*; not for decision making and
> then directly rejecting based on it.
>
>   

In Switzerland, you can whitelist most of the "known-good" (dynamic) IP 
address ranges (and important mailservers) quite easily with a mixture 
of the list provided by the swinog-RBL and some historic data.
There rest is dealt with a few customer-support tickets.
That's the beauty of Switzerland - it's so small ;-)


Rainer
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Charles Buckley]

I think that server (coloured) lists are but an easy way out for for those
who either aren't willing or able to do spam mail feature analysis.  Spam is
spam, even when it comes from a respectable server that has been temporarily
compromised.  

All the up-and-coming premium spam services shy away from them, which is
correct and proper.  Maybe shying away from ISPs that use them would be
correct and proper as well.

Charles

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 11, 2008 3:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [swinog] RBL's (again) (Was: Anyone from Green here?)


Am 11 Sep 2008 um 5:17 hat Stanislav Sinyagin geschrieben:

> > Greylisting only delays mails. Proper spammers just use ISP relays and
> 
how about registering on an page and waiting for the accept email for hours 
because your ISP do graylisting ?

taking a relax and drink some beers till the server forwards you the
expected 
email will lead to alcoholism ;-)

Roger


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[roger]

Am 11 Sep 2008 um 5:17 hat Stanislav Sinyagin geschrieben:

> > Greylisting only delays mails. Proper spammers just use ISP relays and
> 
how about registering on an page and waiting for the accept email for hours 
because your ISP do graylisting ?

taking a relax and drink some beers till the server forwards you the expected 
email will lead to alcoholism ;-)

Roger


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[julien mabillard]

:: Greylisting only delays mails. Proper spammers just use ISP relays and   

Well recent analysis show that % of open proxies and botnets
using fake smtp are still quite important.  

:: as the 450 is recognized and spam run you again later. So many easy ways 
:: around it and it only causes annoyance.  

actually I experience efficient results with ways to slow down connections  
to spammers. I doubt many spammers will create bots that act as real
smtp gateway with the first bounce of the handshaking, doing this   
for 100+ or 1000+ hosts would slow down the process on their side.  

However never use only one technique, but cook some mixed recipes.. 

--

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Stanislav Sinyagin]

> Greylisting only delays mails. Proper spammers just use ISP relays and

> then they will try forever. Or they will just nicely do the full SMTP
> thing for the first message and try again later, or stall sending to you
> as the 450 is recognized and spam run you again later. So many easy ways
> around it and it only causes annoyance.

I don't know anything about proper spammers. Greylisting has reduced the 
amount of incoming spam significantly, probably at 90-95%. Of course there 
are spambots which play around greylisting, but they aren't yet that widely 
used. 

> On top of that, I guess you have whitelisted large mail providers like
> gmail who try to send a single mail from several IP's, thus hitting your
> greylist over and over again, and then just giving up? :)

some greylisting packages have their whitelists already pre-filled in the 
distribution package, so it works quite well (we used 
http://policyd.sourceforge.net/ , and I have no complaints about this 
software, and neither do the users.
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] RBL's (again) (Was: Anyone from Green here?)

[Jeroen Massar]

Marc SCHAEFER wrote:
[..]
> I am a heavy users of those RBL lists, they offer quite a bit of
> protection (but not as much as you might think, and with

You should use RBL's only for *scoring*; not for decision making and
then directly rejecting based on it.

> quite a few false positives: greylisting is much more efficient).

Greylisting only delays mails. Proper spammers just use ISP relays and
then they will try forever. Or they will just nicely do the full SMTP
thing for the first message and try again later, or stall sending to you
as the 450 is recognized and spam run you again later. So many easy ways
around it and it only causes annoyance.

On top of that, I guess you have whitelisted large mail providers like
gmail who try to send a single mail from several IP's, thus hitting your
greylist over and over again, and then just giving up? :)

[..]
> The last issue I had recently is with Yahoo delaying some of the
> messages sent to mailing-lists I host, I had to go through an
> interesting procedure during the last few months to be able to
> get the opportunity of maybe getting delisted, including a Privacy
> policy (http://www.alphanet.ch/privacy_policy.html if you
> are interested).

When you send mail (or packets for that matter) to a remote site, that
remote site can deny/filter/mangle those packets every way they want.
As long as you are a smaller fish then them and you want to still
deliver packets/mail to them you will have to comply to their rules.

But as you are doing greylisting yourself, why are you complaining about
another little bit of delay? ;)

As always, it is your site, thus any problems you make for yourself are,
well, made for yourself ;)

Greets,
 Jeroen



signature.asc
Description: OpenPGP digital signature
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog