| Stephen Gran on 22 Jan 2005 20:51:25 -0000 |
|
On Fri, Jan 21, 2005 at 08:33:40PM -0500, sean finney said: > On Fri, Jan 21, 2005 at 02:58:46PM -0500, Malcolm J Harwood wrote: > > I'm curious as to what the downsides you encountered are (as I've not run into > > any myself yet, and would like to know if it's something I need to watch out > > for). > > it's an abuse of the smtp protocol, for starters. it doubles the > network and processing usage of legitimate mail servers, which maybe > isn't a big deal for a personal mail server but for large > installations can be a significant impact. Note that a sane implementation of greylisting should have an IP based whitelist. The only point of greylisting is to stop fire and forget type spam, not to unduly burden normal mailservers. It's like any acl - it should slow or stop those you want to slow or stop, but not waste the time of those who will retry. The arrangement I use runs a nightly cron job, and examines all the data in the Greylist data. If there are more than $config_variable number of tuples in the WHITE state for a single IP, then that IP gets added to the whitelist table. When lookups are done at smtp time, the whitelist table is checked first, so any regular mailserver that interacts with your organizaation will quickly get added to that table, and it will in fact improve throughput - there is no second and third SQL query to look them up in the greylist, and then to add them. -- -------------------------------------------------------------------------- | Stephen Gran | The meek are contesting the will. | | steve@lobefin.net | | | http://www.lobefin.net/~steve | | -------------------------------------------------------------------------- Attachment:
pgpHWOC8gm1ec.pgp ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|