Re: 1. Re: Ordinary user account can't log in; 2. Greylisting

To: Martin Husemann <martin%duskware.de@localhost>
Subject: Re: 1. Re: Ordinary user account can't log in; 2. Greylisting
From: Steffen Nurpmeso <steffen%sdaoden.eu@localhost>
Date: Wed, 09 Oct 2024 21:21:37 +0200

Martin Husemann wrote in
 <20241009091049.GD12401%mail.duskware.de@localhost>:
 ...
 |Greylisting is harmless and only causes a very small delay in mail \
 |delivery.
 |It needs no manual intervention.

Except that some do not get it right.
And to mention that NetBSD was known for notorious *long* (as in,
many hours, for a normal postfix queue, many tries) gray list
periods.  I always mention netbsd.org when somebody has problems,
just recently for example a RedHat employee, it turned out they
get email services via mimecast.com, and they talk via bug
tracker, and then you get

 R  190 Customer Reply                    2024-10-02 20:32  2697/ 167169   ┕▸

with top posting and HTML, of course, and they say

  The Greylisting standards that Mimecast applies are RFC
  compliant. The following is how Mimecast applies greylisting on
  both inbound and outbound messaging:

  [Image_2024-10-02_14-32-12.png]

You can have this 120 KB picture if you want!  It practically
gives some words regarding RFC 6647, with a note that normally
Exchange servers (yay!!) retries posting every 10 minutes.

P.S.: with mimecast.com the problem on their side seems to be
something different, i said (i did not open the customer issue,
i was cc:d at one time in this lengthy thing)

 |Nice.  But since Tomáš *has passed* grey listing as (he is in my
 |DB, as shown in the thread), it can only be sender address
 |verification -- "callback verification" [1] as wikipedia calls it.
 |
 |  [1] https://en.wikipedia.org/wiki/Callback_verification

Silence ever since (likely i was taken out, i was willing to
un-white/allowlist them again so we could test that, but, then
not).
But many, many more have problems with graylisting, and do not
retry etc etc, so you better watch out when you get in first
contact.  Ie notorious email-service-outsourced users like German
government (local city stuff and such), hospitals, whatever.

That is *i* will not agree that "harmless" of yours.
I for myself should not have written my graylisting thing, but
instead try to upstream to postfix an extension of his
   reject_unverified_sender,
ie the mentioned, it would have taken a bit only -- ie, i use
  delay-max 300
  delay-min 0
  count 1
  focus-sender
(the latter being my invention), and that gets it in practice, but
if upstreamed we would reject once without the bit, and only truly
verify thereafter.  Ok two bits, as you want to remember whether
verification succeeded.  But so it is.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

References:
- 1. Re: Ordinary user account can't log in; 2. Greylisting
  - From: Jay F. Shachter
- Re: 1. Re: Ordinary user account can't log in; 2. Greylisting
  - From: Stephen Borrill
- Re: 1. Re: Ordinary user account can't log in; 2. Greylisting
  - From: Martin Husemann

Prev by Date: Re: build.sh install to a remote machine with sshfs
Next by Date: Re: build.sh install to a remote machine with sshfs
Previous by Thread: Re: 2. Greylisting
Next by Thread: Re: 1. Re: Ordinary user account can't log in; 2. Greylisting
Indexes:

Home | Main Index | Thread Index | Old Index