Hi Tonnerre,
You got me wrong :-)
What I'm trying to say is: As a mail service provider ("recipient side") you can use greylisting, and if there are some buggy mailers out there on the internet (or in your local network) it's not a greylisting problem and it's not your problem. They have to fix their mailer problems ("sender side"). It's not the ISP who has to adapt mail services to buggy customer stuff ^^
A mailer script which doesn't support queueing, or in other words RFC-conformant MTA operation, will cause problems anyway, regardless of whether greylisting is used or not (other 4xx codes, etc.).
Maybe my opinion is very radical but I think it's the way it should be. Of course I know there are exceptions with individual customer situations, etc.
bests Marco
Tonnerre Lombard wrote:
Salut, Marco,
On Fri, 17 Oct 2008 15:21:59 +0200, Marco Fretz wrote:
Of course I know what you mean. That's the thing every webhoster has to fight with. Last year I was at the Secure Linux Admin Conference in Berlin. There was a workshop on how to protect shared hosting webservers...
I am talking about the recipient side. I don't think it's a safe assumption that all scripts _your_ _mail_ _users_ will receive mail from are under your control.
If I remember correctly the 2nd or 3rd step was: prevent the users from using SMTP (or any other port) to the internet and only allow the destinations you choose: your mail relay servers, HTTP proxy, etc.
That is great, but not everyone does that. In fact the number of providers which do that is fairly low. I would do so myself, also for the reason that this prevents people owning a web service to spam around in a volatile manner, but that's not the point at all.
Crap customer scripts don't look like a reasonable argument against greylisting to me. Though some webhosting customers might send mails with their mailer script to recipients which are not on your mail server, and this other mail server maybe is also protected with greylisting; ergo same problem, ergo problem not solved...
For the receiving server, it is.
Do you see what I mean now? :) Or maybe I didn't fully understand the issue you had.
No, you don't.
But agreed, it's always hard to decide if you want "secure" systems or "happy" users.
That would be true if there was no way around greylisting, but there is.
Tonnerre
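
An added illustration, not part of either message: a minimal model of the sender behaviour under discussion, comparing a queueing MTA with a one-shot mailer script against a greylisting receiver and against a receiver that is only temporarily busy. All names, addresses, reply codes chosen and timing values are constructed assumptions.

```python
# Added illustration; names and timing values are assumptions, not from the thread.

class Greylist:
    """Recipient-side greylisting keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, delay=300):
        self.delay = delay          # seconds a new triplet must wait (constructed value)
        self.first_seen = {}        # triplet -> time of its first attempt

    def rcpt(self, client_ip, mail_from, rcpt_to, now):
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        first = self.first_seen.setdefault(triplet, now)
        # Unknown or too-recent triplet: temporary failure, sender should retry later.
        return 250 if now - first >= self.delay else 451


def greylisted(gl, ip="192.0.2.10", sender="shop@example.org", rcpt="user@example.net"):
    """Bind constructed sample envelope data to a Greylist instance."""
    return lambda now: gl.rcpt(ip, sender, rcpt, now)


def busy_server(until):
    """Receiver without greylisting that answers 421 until time `until`."""
    return lambda now: 250 if now >= until else 421


def queueing_sender(attempt, start=0, retries=(60, 300, 900)):
    """Queueing MTA: keeps the message and retries on 4xx; a 5xx ends delivery."""
    now, tries = start, 0
    for wait in (0, *retries):
        now += wait
        tries += 1
        code = attempt(now)
        if code == 250:
            return True, tries
        if code >= 500:
            break
    return False, tries


def one_shot_script(attempt, start=0):
    """Mailer script with no queue: one attempt, any non-250 reply loses the mail."""
    return attempt(start) == 250, 1


if __name__ == "__main__":
    print("queueing vs greylist:", queueing_sender(greylisted(Greylist())))
    print("one-shot vs greylist:", one_shot_script(greylisted(Greylist())))
    print("queueing vs busy 421:", queueing_sender(busy_server(200)))
    print("one-shot vs busy 421:", one_shot_script(busy_server(200)))
```

The one-shot script loses the message in both cases, with or without greylisting on the receiving side, while the queueing sender delivers on its third attempt.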