[Mimedefang] Re: Filtering idea for stock pump&dumps

[Kevin A. McGrail]

>> You wouldn't see the message unless you run a Microsoft Exchange Server
>> and you are having troubles sending to a host that has greylisting
>> implemented.
>
> We greylist post-DATA, and that doesn't seem to have caused problems.
> I suspect the case in which all RCPT commands are tempfailed is not very
> well tested in SMTP client code.
>
> True, greylisting post-DATA "wastes" bandwidth, but that's a small
> price to pay to prevent angry Exchange lusers from sending us support
> tickets.

Yes, this is the same issue we discussed a few weeks ago.  We concur that it 
seems to be the RCPT tempfail and not the post-data tempfails that cause 
this issue.  I think your comment then was "looks like microsoft has 
reinvented a novell bug".

Making things more interesting, under the RFC 2821, I think you can read 
that Microsoft is NOT outside the RFC in this matter.  Specifically, the RFC 
states:

"It is difficult to assign a meaning to "transient" when two different sites 
(receiver- and sender-SMTP agents) must agree on the interpretation.  Each 
reply in this category might have a different time value, but the SMTP 
client is encouraged to try again.  "

In RFC-speak, the word encouraged is not MUST.  Greylisting in and of itself 
may put your email at risk because there is no requirement that mail be 
retried per the RFC except based on existing implementation.

In short, for Microsoft not to try again is not against the RFC for a 4yz 
error code it seems if I read the result codes section of 2821 correctly.

But I do concur that CanIT's greylisting seems to be well-balanced towards 
mitigating FPs.  And you've at least acknowledged the issue.  Other 
solutions like Merak don't even seem to acknowledge the issue.

Regards,
KAM