Hi Tonnerre,
You got me wrong :-)
What I'm trying to say is: As a mail service provider ("recipient side")
you can use greylisting and if there are some buggy mailers out there in
the internet (or in your local network) it's not a greylisting problem
and it's not your problem. they have to fix there mailer problems
("sender side"). it's not the ISP who has to adapt mail services to
buggy customer stuff ^^
A mailer script which doesn't support queueing or in other words
RFC-conform MTA operation will cause problems anyway regardless if
greylisting is used or not, other 4xx codes, etc...
maybe my opinion is very radical but I think it's the way it should be.
Of course I know there are exceptions with individual customer
situations, etc.
bests
Marco
Tonnerre Lombard wrote:
> Salut, Marco,
>
> On Fri, 17 Oct 2008 15:21:59 +0200, Marco Fretz wrote:
>> Of course I know what you mean. That's the thing every webhoster have
>> to fight with. Last year I was on the Secure Linux Admin Conference in
>> Berlin. There was a workshop how to protect shared hosting
>> webservers...
>
> I am talking about the recipient side. I don't think it's a safe
> assumption that all scripts _your_ _mail_ _users_ will receive mail
> from are under your control.
>
>> If I remember correctly the 2nd or 3th step was: prevent the users
>> from using SMTP (or any other port) to the internet and only allow the
>> destination you choose, your mailrelay servers, http proxy, etc.
>
> That is great, but not everyone does that. In fact the number of
> providers which do that is fairly low. I would do so myself, also for
> the reason that this prevents people owning a web service to spam
> around in a volatile manner, but that's not the point at all.
>
>> crap customer scripts don't look like a reasonable argument against
>> greylisting to me. though some webhosting customers might send mails
>> with their mailer script to recipients which are not on your mail
>> server and this other mail server maybe is also protected with
>> greylisting, ergo same problem ergo problem not solved...
>
> For the receiving server, it is.
>
>> do you see what I mean, now? :) or maybe I didn't fully understand the
>> issue you had.
>
> No, you don't.
>
>> but agreed it's always hard to decide if you want "secure" systems or
>> "happy" users.
>
> That would be true if there was no way around greylisting, but there is.
>
> Tonnerre
>
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
