Slightly OT: Greylisting success or failure stories?

Fri Feb 4 17:45:05 UTC 2005

David Cary Hart wrote:
> On Fri, 2005-02-04 at 11:16 -0600, Aleksandar Milivojevic wrote:
>>Not all users have luxuriy of having SMTP server doing authentication on 
>>port 587 (plus, some ISP might block that one too).  Plus you need 
>>support in mail client to connect to port other than 25 (not all support 
>>it).
> 
> We've beaten this to death but we authenticate SMTP with SASL AuthD (as
> do many ISPs). This does not require additional ports.

However, it does not work from ISPs that block outbound port 25 
connections, which is why port 587 is recommended for this purpose.

Anyone seeing port 587 blocked is probably behind a corporate firewall 
that is blocking everything bar port 80 maybe, and should respect that 
company's policy of not allowing outbound mail from their network.

>>Webmail is nice, but not all people like it.  It is especially 
>>inconvinient for people who use POP3 to get their mail.  Again, in this 
>>hypothetical situation, you are forcing legitimate sender's to deal with 
>>your spam problem (just like with TDMA, maybe even a bit worse).
> 
> 
> Roaming users aren't the issue. This pertains exclusively to a third
> party contact that happens to be traveling in a banned area and needs to
> send email. In that event, when that occurs, I'll deal with it.

The traveling third party is, by definition, a roaming user. Not *your* 
roaming user, but a roaming user nonetheless. It's up to that user's 
organization to provide them with usable email connectivity.

> Meanwhile, 100% of the email that we have ever received from servers in
> China and Korea has been spam. We have no business reason to accept mail
> from either area. We also refuse email from dynamic IPs. They should use
> their ISP's SMTP. We ban mail from exploited servers and open proxies. A
> large MIS service company (a former vendor) has apparently been
> infected. Presumably, a computer on their LAN has become a zombie and is
> sending spam to the corporate mailing list. That's banned as well.
> 
> We're not an ISP. My machine - my rules. End of story.

Indeed.

It wouldn't work for me though. First of all, my wife is Chinese and 
hence my server gets plenty of legitimate mail from China. Secondly, I 
myself get lots of unsolicited mail from people I've never been in 
contact with before, for a variety of reasons, and I wouldn't want to 
miss that mail. So blocking whole countries is completely out of the 
question for me.

It really does boil down to what your needs are and what you're prepared 
to miss out on to get a spam-free inbox.

Paul.