Greylisting -- Was: Anti Spam
tedm at toybox.placo.com
Mon Apr 30 08:15:26 UTC 2007
> -----Original Message-----
> From: Bart Silverstrim [mailto:bsilver at chrononomicon.com]
> Sent: Sunday, April 29, 2007 3:40 AM
> To: Ted Mittelstaedt
> Cc: Eric Crist; Grant Peel; Christopher Hilton;
> freebsd-questions at freebsd.org
> Subject: Re: Greylisting -- Was: Anti Spam
> On Apr 29, 2007, at 5:00 AM, Ted Mittelstaedt wrote:
> >> -----Original Message-----
> >> From: Bart Silverstrim [mailto:bsilver at chrononomicon.com]
> >> Sent: Saturday, April 28, 2007 5:01 PM
> >> To: Ted Mittelstaedt
> >> Cc: Eric Crist; Grant Peel; Christopher Hilton;
> >> freebsd-questions at freebsd.org
> >> Subject: Re: Greylisting -- Was: Anti Spam
> >> On Apr 28, 2007, at 5:25 AM, Ted Mittelstaedt wrote:
> >>>> -----Original Message-----
> >>>> From: Bart Silverstrim [mailto:bsilver at chrononomicon.com]
> >>>> Sent: Friday, April 27, 2007 1:58 PM
> >>>> To: Ted Mittelstaedt
> >>>> Cc: Christopher Hilton; Grant Peel; Eric Crist;
> >>>> freebsd-questions at freebsd.org
> >>>> Subject: Re: Greylisting -- Was: Anti Spam
> >>>> On Apr 26, 2007, at 12:15 AM, Ted Mittelstaedt wrote:
> >>>>> There are legitimate technical reasons that someone may want their
> >>>>> mail
> >>>>> to not be greylisted. For example, my cell phone's e-mail
> >>>>> address is
> >>>>> in our monitoring scripts to page me in the event of a server
> >>>>> failure.
> >>>>> I would be pretty pissed off if Sprint suddenly started
> >>>>> greylisting. It
> >>>>> isn't just dumb-ass users making stupid political decisions to
> >>>>> reject
> >>>>> it, although in your case it probably was.
> >>>> If it is a legitimate mail server, it would be promoted to the
> >>>> auto-
> >>>> whitelist. Not all mail is constantly greylisted by most
> >>>> intelligent
> >>>> greylist systems. Only the first few messages would be delayed,
> >>>> until it is established as legitimate.
> >>> That won't work in my case since I generally only have a failure
> >>> that causes
> >>> a problem which results in paging about once every 3 months or so.
> >>> By the
> >>> time the pages got through the
> >>> greylist it would be at least an hour later after the system had
> >>> gone
> >>> down. That isn't acceptable for a notification system.
> >> What? What do you mean, a failure that causes a problem which
> >> results in paging once every 3 months?
> >> If your mail server tries to contact another mail server and it can't
> >> reach it, you're saying your mail server doesn't retry for an hour?
> > If the monitoring system notices something down, I have to know about
> > it within a few minutes. I cannot wait for the mailserver that
> > sends the
> > page out to retry sending the page to the cell carrier's mailserver
> > in an hour.
> Ted, usually I find your posts intelligent and food for thought, but
> I almost think you're doing this on purpose now.
No, the problem is you haven't understood the point I was making.
> When you're setting it up, you would set up manually to have your own
> system whitelisted.
The system that would cause problems if it ran
greylisting is not MY system. It's the mailserver owned by the cellular
company that I am sending to. If they went and installed greylisting
it is highly unlikely I could get them to whitelist me. (have you
ever, for example, tried to get a system off AOL's internal blacklist?)
> I would assume that if you really don't own your
> own domain/mail system, you still would have a provider that would
> whitelist *themselves* so you could send the email from your provider
> to yourself. If you're using SMS, I would personally either tell my
> phone provider about it or send a few messages myself to have it
> whitelist the entry and then periodically test the system, since
> really you should be testing such systems periodically anyway (and
> make sure the listing is still working).
> You said yourself you use greylisting, I thought. Don't you already
> have a system like this in place?
> > Things go down rarely. The moonitoring system is not continually
> > sending
> > out pages to my cell phone every day. Many times many months will
> > pass
> > in between the monitoring system sending my cell phone a page. If the
> > cell phone company was running greylisting, any whitelist entry for my
> > monitoring system would be gone by then.
> We rarely lose power to the buildings, but our generator system still
> kicks over once a week to test. Why can't you send a page once or
> twice a week to make sure it's working properly?
Well for starters I have to know that the cell carrier is in fact
greylisting. You can't put a workaround in for something you don't know.
As far as I know they aren't greylisting right now - but if they start
up doing it in the future I doubt I'll be told in advance. For all
I know they have a cluster of SMTP receivers and sending a page a
week might not get all of them updated. And they might expire before
a week, or they might be expiring at a week then without warning change
it to 3 days.
For another thing I get charged every time I receive a text message
on my phone. But mainly, why should I have to do this? I have a life,
and cellular pages and calls are intrusive and I have to drop what I'm
doing and pay attention to them. If I send a page at night then I am
going to get woken up at night, if I send a page during the day it might
come in when I'm in the middle of a conversation with a customer, if I
send it in the evening then who knows I might be in the middle of boffing
> Things change,
> things get reconfigured or hiccup, and if this is that critical to
> you, what's the harm in one or two text messages a month to your
> phone saying "howdy?" I mean c'mon...it's so important you must be
> notified ASAP, but you can't afford to have it test the connection
> periodically is what it sounds like you're saying.
Sure, there's Rube Goldberg ways around anything. But the point of this
was to illustrate that there are situations where even an hours delay on
a greylist can be a problem. Like I said, you have to know they are
greylisting in advance before you know there's a problem.
> >> If you're doing something SO critical that
> >> three or four mails delayed an hour, until you're establishes as a
> >> legit user, means life or death, you definitely should be doing
> >> something that backs up how you communicate with other sites,
> > I'm monitoring systems at the ISP I work at. No, it is not life or
> > death
> > if a feed goes down for 3 hours and a bunch of people cannot download
> > their daily freebsd-questions mailing list fix. At least, I don't
> > think
> > so. But they do. And as their money that buys the ISP's product puts
> > the bread on my table, I have to do what they want.
> It's an interesting conundrum that people will bitch about how stupid
> their users are yet will turn around and give them "what they want"
> to the point where it encourages their bad habits and their reliance
> on bad practices and their ignorance.
You don't have any choice in the matter, none at all, unless you have
so many customers clawing to buy your product that you can sit back and
cherry pick the best ones to sell to and tell the rest to screw off.
There's a few business I know of out there - Langlitz Leathers in my
city is one of them for example - but their products are sold on the
star factor, and their competitors make just as good quality for a
quarter of the price. Most people are not lucky enough to be working
at a business like this.
> I'm not saying you're doing
> this, this is just a general observation.
Usually if what the customer wants is so awful and such an incredibly
bad habit, it is possible for all of the sellers in the market to
agree not to provide such, and enforce this by getting the government
to make the product illegal so that no one seller can go behind the
back of the rest of them and sell it anyway. Such as for example,
providing bandwidth to customers that want to spam.
Unfortunately there is a grey area between a good product and an
illegal product, that is where all of the bad products and bad habits
and bad business practices are.
I don't know the answer to how to keep these products out of the market.
I wish I did. Typically the poor products are cheaper, and the
customers that buy them may even know they are cheaper - but they make
a tradeoff to buying them, figuring that they can get by with the
poorer product and save money. And the problem is that sometimes they
can get by and save money, so the poor products manage to sell enough to
stay in the market.
More information about the freebsd-questions