[Mimedefang] Re: Filtering idea for stock pump&dumps
Kevin A. McGrail
kmcgrail at pccc.com
Tue Jul 3 11:24:39 EDT 2007
>> You wouldn't see the message unless you run a Microsoft Exchange Server
>> and you are having troubles sending to a host that has greylisting
>> implemented.
>
> We greylist post-DATA, and that doesn't seem to have caused problems.
> I suspect the case in which all RCPT commands are tempfailed is not very
> well tested in SMTP client code.
>
> True, greylisting post-DATA "wastes" bandwidth, but that's a small
> price to pay to prevent angry Exchange lusers from sending us support
> tickets.
Yes, this is the same issue we discussed a few weeks ago. We concur that it
seems to be the RCPT tempfail and not the post-data tempfails that cause
this issue. I think your comment then was "looks like microsoft has
reinvented a novell bug".
Making things more interesting, under the RFC 2821, I think you can read
that Microsoft is NOT outside the RFC in this matter. Specifically, the RFC
states:
"It is difficult to assign a meaning to "transient" when two different sites
(receiver- and sender-SMTP agents) must agree on the interpretation. Each
reply in this category might have a different time value, but the SMTP
client is encouraged to try again. "
In RFC-speak, the word encouraged is not MUST. Greylisting in and of itself
may put your email at risk because there is no requirement that mail be
retried per the RFC except based on existing implementation.
In short, for Microsoft not to try again is not against the RFC for a 4yz
error code it seems if I read the result codes section of 2821 correctly.
But I do concur that CanIT's greylisting seems to be well-balanced towards
mitigating FPs. And you've at least acknowledged the issue. Other
solutions like Merak don't even seem to acknowledge the issue.
Regards,
KAM
More information about the MIMEDefang
mailing list