Hi Tonnerre, You got me wrong :-)
What I'm trying to say is: As a mail service provider ("recipient side") you can use greylisting and if there are some buggy mailers out there in the internet (or in your local network) it's not a greylisting problem and it's not your problem. they have to fix there mailer problems ("sender side"). it's not the ISP who has to adapt mail services to buggy customer stuff ^^ A mailer script which doesn't support queueing or in other words RFC-conform MTA operation will cause problems anyway regardless if greylisting is used or not, other 4xx codes, etc... maybe my opinion is very radical but I think it's the way it should be. Of course I know there are exceptions with individual customer situations, etc. bests Marco Tonnerre Lombard wrote: > Salut, Marco, > > On Fri, 17 Oct 2008 15:21:59 +0200, Marco Fretz wrote: >> Of course I know what you mean. That's the thing every webhoster have >> to fight with. Last year I was on the Secure Linux Admin Conference in >> Berlin. There was a workshop how to protect shared hosting >> webservers... > > I am talking about the recipient side. I don't think it's a safe > assumption that all scripts _your_ _mail_ _users_ will receive mail > from are under your control. > >> If I remember correctly the 2nd or 3th step was: prevent the users >> from using SMTP (or any other port) to the internet and only allow the >> destination you choose, your mailrelay servers, http proxy, etc. > > That is great, but not everyone does that. In fact the number of > providers which do that is fairly low. I would do so myself, also for > the reason that this prevents people owning a web service to spam > around in a volatile manner, but that's not the point at all. > >> crap customer scripts don't look like a reasonable argument against >> greylisting to me. though some webhosting customers might send mails >> with their mailer script to recipients which are not on your mail >> server and this other mail server maybe is also protected with >> greylisting, ergo same problem ergo problem not solved... > > For the receiving server, it is. > >> do you see what I mean, now? :) or maybe I didn't fully understand the >> issue you had. > > No, you don't. > >> but agreed it's always hard to decide if you want "secure" systems or >> "happy" users. > > That would be true if there was no way around greylisting, but there is. > > Tonnerre > _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog