Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Thread

Learning mode


2005-12-07 by Ugo Bellavance

Hi,

  I know some implementations of greylisting allow for a "learning
mode", in which no delays are caused, and the database is populating
itself as it sees traffic going by.  Is there a way to do that with
milter-greylist?

  By the way, the milter is great.  However, a few points:

 - Everything is there, but you should talk about the rc scripts in
the readme file.

 - You should say that /var/milter-greylist is owned by smmsp for the
socket to be created, otherwise it doesn't work with the instructions
given in the readme file.

All the rest seems fine.  I'm working on making it work with libspf2 now.

Regards,

Re: [milter-greylist] Learning mode

2005-12-07 by Matt Kettler

Ugo Bellavance wrote:
> Hi,
> 
>   I know some implementations of greylisting allows for a "learning
> mode", in which no delays are caused, and the database is populating
> itself as it sees traffic going by.  Is there a way to do that with
> milter-greylist.

Care to elaborate what exactly that does Ugo?

Unless delays are introduced, there's no way of knowing if a particular sending
IP ever retries, so there's nothing to populate with.

Perhaps this has to do with greylists that pre-emptively auto-whitelist based
on outbound mail? (milter-greylist doesn't do this AFAIK) For systems with that
feature the monitor-only state would make a lot of sense.

Re: Learning mode

2005-12-07 by Ugo Bellavance

--- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@e...>
wrote:
>
> Ugo Bellavance wrote:
> > Hi,
> > 
> >   I know some implementations of greylisting allows for a "learning
> > mode", in which no delays are caused, and the database is populating
> > itself as it sees traffic going by.  Is there a way to do that with
> > milter-greylist.
> 
> Care to elaborate what exactly that does Ugo?
> 
> Unless delays are introduced, there's no way of knowing if a particular sending
> IP ever retries, so there's nothing to populate with.
> 
> Perhaps this has to do with greylists that pre-emptively auto-whitelist based
> on outbound mail? (milter-greylist doesn't do this AFAIK) For systems with that
> feature the monitor-only state would make a lot of sense.

Here is a message that is explaining the concept:

http://lists.tummy.com/pipermail/vpostmaster/2005-October/000105.html

Thanks,

Re: [milter-greylist] Re: Learning mode

2005-12-07 by Dennis Willson

This would seem to also allow it to "learn" and allow all the Spammers that send to you while it's in learn mode.

Ugo Bellavance wrote:
> --- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@e...>
> wrote:
> 
>>Ugo Bellavance wrote:
>>
>>>Hi,
>>>
>>>  I know some implementations of greylisting allows for a "learning
>>>mode", in which no delays are caused, and the database is populating
>>>itself as it sees traffic going by.  Is there a way to do that with
>>>milter-greylist.
>>
>>Care to elaborate what exactly that does Ugo?
>>
>>Unless delays are introduced, there's no way of knowing if a particular sending
>>IP ever retries, so there's nothing to populate with.
>>
>>Perhaps this has to do with greylists that pre-emptively auto-whitelist based
>>on outbound mail? (milter-greylist doesn't do this AFAIK) For systems with that
>>feature the monitor-only state would make a lot of sense.
> 
> 
> Here is a message that is explaining the concept:
> 
> http://lists.tummy.com/pipermail/vpostmaster/2005-October/000105.html
> 
> Thanks,

Re: [milter-greylist] Re: Learning mode

2005-12-07 by Matt Kettler

Dennis Willson wrote:
> This would seem to also allow it to "learn" and allow all the Spammers that send to you while its in learn mode.
> 

True, but unless you're using lazyaw this would only apply to spammers that are
using the same tuple as previously seen. Such repeated use of the same source
IP, MAIL FROM: and RCPT TO: will eventually bypass a greylist anyway.

That said in my experience very few spammers will retry with the same tuple,
ever. (I run with a greylist period of 1m, and this works very well)

Re: Learning mode

2005-12-08 by Ugo Bellavance

--- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@e...>
wrote:
>
> Dennis Willson wrote:
> > This would seem to also allow it to "learn" and allow all the Spammers that send to you while it's in learn mode.
> > 
> 
> True, but unless you're using lazyaw this would only apply to spammers that are
> using the same tuple as previously seen. Such repeated use of the same source
> IP, MAIL FROM: and RCPT TO: will eventually bypass a greylist anyway.
> 
> That said in my experience very few spammers will retry with the same tuple,
> ever. (I run with a greylist period of 1m, and this works very well)
>

Exactly.  Or, at worst, they will be allowed only for the duration of
the "learning" period.  Can't be worse than w/o greylisting...  I
still have MailScanner/SA behind...

A question that I have with a 1 minute delay, what is the average
delay that your users have to live with?  I guess most SMTP clients
won't knock again after 2 min right?

whitelisting outbound traffic

2005-12-08 by manu@netbsd.org

Matt Kettler <mkettler@...> wrote:

> Perhaps this has to do with greylists that pre-emptively auto-whitelists based
> on outbound mail? (milter-greylist doesn't do this AFAIK)

That's a desirable feature, but how to implement it?

You see an outgoing mail (IP 192.0.2.1, from toto@...,
titi@...) which matches the whitelist. You'd like to whitelist
answers of this e-mail. What tuple should be whitelisted? You don't have
the remote IP address yet.

We can whitelist (IP /.*/, from titi@..., to toto@...),
but that leaves a door open for spam.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] Learning mode

2005-12-08 by manu@netbsd.org

Ugo Bellavance <iolubik@...> wrote:

>   By the way, the milter is great.  However, a few points:
> 
>  - Everything is there, but you should talk about the rc scripts in
> the readme file.
> 
>  - You should say that /var/milter-greylist is owned by smmsp for the
> socket to be created, otherwise it doesn't work with the instructions
> given in the readme file.

Can you propose a patch against README?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: Learning mode

2005-12-08 by Ugo Bellavance

--- In milter-greylist@yahoogroups.com, manu@n... wrote:
>
> Ugo Bellavance <iolubik@y...> wrote:
> 
> >   By the way, the milter is great.  However, a few points:
> > 
> >  - Everything is there, but you should talk about the rc scripts in
> > the readme file.
> > 
> >  - You should say that /var/milter-greylist is owned by smmsp for the
> > socket to be created, otherwise it doesn't work with the instructions
> > given in the readme file.
> 
> Can you propose a patch against README?
> 

I'd gladly help, but I don't know how to write a patch...
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@n...
>

Re: [milter-greylist] Re: Learning mode

2005-12-08 by Matthias Scheler

On Thu, Dec 08, 2005 at 06:36:35AM -0000, Ugo Bellavance wrote:
> A question that I have with a 1 minute delay, what is the average
> delay that your users have to live with?  I guess most SMTP clients
> won't knock again after 2 min right?

No, they won't. In my experience retry times are usually between 15 minutes
and 1 hour. But there are servers with longer retry delays.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/

Re: [milter-greylist] Re: Learning mode

2005-12-08 by Matt Kettler

Ugo Bellavance wrote:

> A question that I have with a 1 minute delay, what is the average
> delay that your users have to live with?  I guess most SMTP clients
> won't knock again after 2 min right?

Right.. However most legitimate messages retry in 15 mins. Also, I don't
greylist all my mail. I default to white, and selectively greylist, so my
"average delay" is pretty much 0. Very few greylisted messages ever get
delivered, and nearly all that do are spam.


On a quick survey of delays for this week:

delayed for 00:01:00 (pre-accept first try):
  17802
not delayed and delivered (total)
  13050
not delayed and delivered (not spam tagged)
   6368
not delayed and delivered (spam tagged)
   6682
delivered after being delayed (total)
    298
delivered after being delayed (not spam tagged)
     44
delivered after being delayed (spam tagged)
    254

And of the 298 messages that were delayed, here's the distribution of time:

109 < 15mins
74  15min-1hr
98 1hr-12 hrs
17 > 24hrs

I can't easily do a breakdown of the 44 that were non-spam, I'd have to collect
the SMTP transaction IDs from the SA messages, and then backtrack.


A little SpamAssassin ruleset that I use to track greylisted vs ungreylisted
spam is this:

header INFO_GREYLIST_DELAYED        X-Greylist =~ /Delayed for /
score INFO_GREYLIST_DELAYED                       0.001

header INFO_GREYLIST_NOTDELAYED        X-Greylist =~ / not delayed by /
score INFO_GREYLIST_NOTDELAYED                    -0.001

This way I can grep for those two in my SA logs. However, the timing info comes
from milter-greylist's logging. (I use MailScanner which batch-scans mail, so
the log lines don't always follow each other)

Re: [milter-greylist] Re: Learning mode

2005-12-08 by manu@netbsd.org

Ugo Bellavance <iolubik@...> wrote:

> I'd gladly help, but I don't know how to write a patch...

cp README README.orig
edit README
diff -U2 README.orig README > patch

And send the patch file.

-- 
Emmanuel Dreyfus
Le cahier de l'admin BSD 2eme ed. est dans toutes les bonnes librairies
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
manu@...

Re: Learning mode

2005-12-08 by Ugo Bellavance

--- In milter-greylist@yahoogroups.com, manu@n... wrote:
>
> Ugo Bellavance <iolubik@y...> wrote:
> 
> > I'd gladly help, but I don't know how to write a patch...
> 
> cp README README.orig
> edit README
> diff -U2 README.orig README > patch
> 
> And send the patch file.
> 

Ok. I'll try to do something, but I just discovered that there is indeed
a part on RC scripts.

Thanks for the mini-howto
> -- 
> Emmanuel Dreyfus
> Le cahier de l'admin BSD 2eme ed. est dans toutes les bonnes librairies
> http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
> manu@n...
>

Re: Learning mode

2005-12-08 by Ugo Bellavance

--- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@e...>
wrote:
>
> Ugo Bellavance wrote:
> 
> > A question that I have with a 1 minute delay, what is the average
> > delay that your users have to live with?  I guess most SMTP clients
> > won't knock again after 2 min right?
> 
> Right.. However most legitimate messages retry in 15 mins. Also, I don't
> greylist all my mail. I default to white, and selectively greylist, so my
> "average delay" is pretty much 0. Very few greylisted messages ever get
> delivered, and nearly all that do are spam.
> 
> 
> On a quick survey of delays for this week:
> 
> delayed for 00:01:00 (pre-accept first try):
>   17802
> not delayed and delivered (total)
>   13050
> not delayed and delivered (not spam tagged)
>    6368
> not delayed and delivered (spam tagged)
>    6682
> delivered after being delayed (total)
>     298
> delivered after being delayed (not spam tagged)
>      44
> delivered after being delayed (spam tagged)
>     254
> 
> And of the 298 messages that were delayed, here's the distribution of time:
> 
> 109 < 15mins
> 74  15min-1hr
> 98 1hr-12 hrs
> 17 > 24hrs
> 
> I can't easily do a breakdown of the 44 that were non-spam, I'd have to collect
> the SMTP transaction IDs from the SA messages, and then backtrack.
> 
> 
> A little SpamAssassin ruleset that I use to track greylisted vs ungreylisted
> spam is this:
> 
> header INFO_GREYLIST_DELAYED        X-Greylist =~ /Delayed for /
> score INFO_GREYLIST_DELAYED                       0.001
> 
> header INFO_GREYLIST_NOTDELAYED        X-Greylist =~ / not delayed by /
> score INFO_GREYLIST_NOTDELAYED                    -0.001
> 
> This way I can grep for those two in my SA logs. However, the timing info comes
> from milter-greylist's logging. (I use MailScanner which batch-scans mail, so
> the log lines don't always follow each other)
>

Would you mind sharing the script you're using to get those stats?

I am using MailWatch...

Regards,

Client error messages

2005-12-08 by Bill Levering

I've encountered this problem... but with only one domain. Recently I  
set up milter on a moderately busy server, and customers are  
complaining  about the following:

On certain clients:
	k-mail (linux)
	Outlook 5.0.1 (Mac OS9)
	Thunderbird 1.0.7
	pine

Sender immediately receives an error in the form pop-up from their  
SMTP server,
which says: (this differs from client to client)

"An error occurred while sending mail. The mail server responded:  
4.7.1 Greylisting in action, please come back in 00:08:00. Please  
verify that your email address is correct in your Mail preference and  
try again"

or a bounce message as shown below:
> Subject: Mail delivery failed: returning message to sender
> Date: Thursday 01 December 2005 04:21 pm
> From: Mail Delivery System <Mailer- 
> Daemon@...>
> To: eric@...
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es)  
> failed:
>
>   ed@...
>     SMTP error from remote mailer after RCPT TO:<ed@...>:
>     host mail.siriuslink.com [128.121.50.164]: 451 4.7.1  
> Greylisting in
>  action, please come back in 00:26:23: retry timeout exceeded
>
> ------ This is a copy of the message, including all the headers.  
> ------
>
> Return-path: <eric@...>
> Received: from [68.164.67.243] (helo=[192.168.1.102])
> 	by smtpauth01.mail.atl.earthlink.net with asmtp (TLSv1:RC4-MD5:128)
> 	(Exim 4.34)
> 	id 1Ehyg2-0003Ax-P7; Thu, 01 Dec 2005 19:21:27 -0500
> From: Eric Carter <eric@...>
> To: Ed Kelly <ed@...>,
>  Ed Kelly <ed@...>
> Subject: Re: don't forget your...
> User-Agent: KMail/1.8
> References: <3C12D294-F67A-4986-8DA7-47F7816C0C3A@...>
> In-Reply-To: <3C12D294-F67A-4986-8DA7-47F7816C0C3A@...>
> MIME-Version: 1.0
> Date: Thu, 1 Dec 2005 16:21:25 -0800
> Content-Type: Multipart/Mixed;
>   boundary="Boundary-00=_FO5jD5Jq4/UzXk+"
> Message-Id: <200512011621.25179.eric@...>
>

Re: [milter-greylist] Client error messages

2005-12-09 by Dennis Willson

Looks like you haven't set up smtp auth for your users or you didn't include your internal addresses in the whitelist, or both.

Bill Levering wrote:
> I've encountered this problem... but with only one domain. Recently I  
> set up milter on a moderately busy server, and customers are  
> complaining  about the following:
> 
> On certain clients:
> 	k-mail (linux)
> 	Outlook 5.0.1 (Mac OS9)
> 	Thunderbird 1.0.7
> 	pine
> 
> Sender immediately receives an error in the form pop-up from their  
> SMTP server,
> which says: (this differs from client to client)
> 
> "An error occurred while sending mail. The mail server responded:  
> 4.7.1 Greylisting in action, please come back in 00:08:00. Please  
> verify that your email address is correct in your Mail preference and  
> try again"
> 
> or a bounce message as shown below:
> 
>>Subject: Mail delivery failed: returning message to sender
>>Date: Thursday 01 December 2005 04:21 pm
>>From: Mail Delivery System <Mailer- 
>>Daemon@...>
>>To: eric@...
>>
>>This message was created automatically by mail delivery software.
>>
>>A message that you sent could not be delivered to one or more of its
>>recipients. This is a permanent error. The following address(es)  
>>failed:
>>
>>  ed@...
>>    SMTP error from remote mailer after RCPT TO:<ed@...>:
>>    host mail.siriuslink.com [128.121.50.164]: 451 4.7.1  
>>Greylisting in
>> action, please come back in 00:26:23: retry timeout exceeded
>>
>>------ This is a copy of the message, including all the headers.  
>>------
>>
>>Return-path: <eric@...>
>>Received: from [68.164.67.243] (helo=[192.168.1.102])
>>	by smtpauth01.mail.atl.earthlink.net with asmtp (TLSv1:RC4-MD5:128)
>>	(Exim 4.34)
>>	id 1Ehyg2-0003Ax-P7; Thu, 01 Dec 2005 19:21:27 -0500
>>From: Eric Carter <eric@...>
>>To: Ed Kelly <ed@...>,
>> Ed Kelly <ed@...>
>>Subject: Re: don't forget your...
>>User-Agent: KMail/1.8
>>References: <3C12D294-F67A-4986-8DA7-47F7816C0C3A@...>
>>In-Reply-To: <3C12D294-F67A-4986-8DA7-47F7816C0C3A@...>
>>MIME-Version: 1.0
>>Date: Thu, 1 Dec 2005 16:21:25 -0800
>>Content-Type: Multipart/Mixed;
>>  boundary="Boundary-00=_FO5jD5Jq4/UzXk+"
>>Message-Id: <200512011621.25179.eric@...>
>>

Re: [milter-greylist] Client error messages

2005-12-09 by Bill Levering

smtp auth is working, but yes, I didn't add the internal address.

I've asked to get a list of to/from addresses from customers.

Another thing we do know of as a problem is ... Earthlink... anyone  
know their outgoing mail servers?

Bill
On Dec 8, 2005, at 4:02 PM, Dennis Willson wrote:

> Looks like you haven't setup smtp auth for your users or you didn't  
> include your internal addresses in the whitelist, or both.
>
> Bill Levering wrote:
>> I've encountered this problem... but with only one domain. Recently I
>> set up milter on a moderately busy server, and customers are
>> complaining  about the following:
>>
>> On certain clients:
>> 	k-mail (linux)
>> 	Outlook 5.0.1 (Mac OS9)
>> 	Thunderbird 1.0.7
>> 	pine
>>
>> Sender immediately receives an error in the form pop-up from their
>> SMTP server,
>> which says: (this differs from client to client)
>>
>> "An error occurred while sending mail. The mail server responded:
>> 4.7.1 Greylisting in action, please come back in 00:08:00. Please
>> verify that your email address is correct in your Mail preference and
>> try again"
>>
>> or a bounce message as shown below:
>>
>>> Subject: Mail delivery failed: returning message to sender
>>> Date: Thursday 01 December 2005 04:21 pm
>>> From: Mail Delivery System <Mailer-
>>> Daemon@...>
>>> To: eric@...
>>>
>>> This message was created automatically by mail delivery software.
>>>
>>> A message that you sent could not be delivered to one or more of its
>>> recipients. This is a permanent error. The following address(es)
>>> failed:
>>>
>>>  ed@...
>>>    SMTP error from remote mailer after RCPT TO:<ed@...>:
>>>    host mail.siriuslink.com [128.121.50.164]: 451 4.7.1
>>> Greylisting in
>>> action, please come back in 00:26:23: retry timeout exceeded
>>>
>>> ------ This is a copy of the message, including all the headers.
>>> ------
>>>
>>> Return-path: <eric@...>
>>> Received: from [68.164.67.243] (helo=[192.168.1.102])
>>> 	by smtpauth01.mail.atl.earthlink.net with asmtp (TLSv1:RC4-MD5:128)
>>> 	(Exim 4.34)
>>> 	id 1Ehyg2-0003Ax-P7; Thu, 01 Dec 2005 19:21:27 -0500
>>> From: Eric Carter <eric@...>
>>> To: Ed Kelly <ed@...>,
>>> Ed Kelly <ed@...>
>>> Subject: Re: don't forget your...
>>> User-Agent: KMail/1.8
>>> References: <3C12D294-F67A-4986-8DA7-47F7816C0C3A@...>
>>> In-Reply-To: <3C12D294-F67A-4986-8DA7-47F7816C0C3A@...>
>>> MIME-Version: 1.0
>>> Date: Thu, 1 Dec 2005 16:21:25 -0800
>>> Content-Type: Multipart/Mixed;
>>>  boundary="Boundary-00=_FO5jD5Jq4/UzXk+"
>>> Message-Id: <200512011621.25179.eric@...>
>>>

Re: [milter-greylist] Re: Learning mode

2005-12-09 by Matt Kettler

Ugo Bellavance wrote:
> 
> Would you mind sharing the script you're using to get those stats?
> 
> I am using MailWatch...

The time distribution I did using a direct grep on the logs.

grep "X-Greylist: Delayed for" /var/log/maillog | cut -d ' ' -f 12- | sort -n -k 3

The rest is this script (needs some tweaks for your site's greylist duration):

#!/bin/sh
echo "delayed for (pre-accept):"
grep "delayed for" /var/log/maillog |wc -l

echo "delayed for 00:01:00 (pre-accept first try):"
grep "delayed for 00:01:00" /var/log/maillog |wc -l

echo "delayed for (post-accept):"
grep "X-Greylist: Delayed for" /var/log/maillog |wc -l

echo "default action:"
grep "is the default action" /var/log/maillog |wc -l

echo "not delayed and delivered (total)"
grep "INFO_GREYLIST_NOTDELAYED" /var/log/maillog |wc -l

echo "not delayed and delivered (not spam tagged)"
grep "INFO_GREYLIST_NOTDELAYED" /var/log/maillog |grep -v "is spam," |wc -l

echo "not delayed and delivered (spam tagged)"
grep "INFO_GREYLIST_NOTDELAYED" /var/log/maillog |grep "is spam," |wc -l

echo "delivered after being delayed (total)"
grep "INFO_GREYLIST_DELAYED" /var/log/maillog |wc -l

echo "delivered after being delayed (not spam tagged)"
grep "INFO_GREYLIST_DELAYED" /var/log/maillog |grep -v "is spam, " |wc -l

echo "delivered after being delayed (spam tagged)"
grep "INFO_GREYLIST_DELAYED" /var/log/maillog |grep "is spam, " |wc -l
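
An added example, not part of the post above and not milter-greylist's own code: a self-contained version of the time-distribution step that buckets "X-Greylist: Delayed for hh:mm:ss" lines into the ranges listed earlier in the thread, plus a 12hrs-24hrs range that list does not have. The sample log lines are constructed and their syslog prefix is an assumed layout; only the header text comes from the thread.

```shell
#!/bin/sh
# Bucket post-accept greylist delays by duration.
# Only the header text "X-Greylist: Delayed for hh:mm:ss" is matched, so the
# pre-accept "delayed for" lines and the "not delayed by" headers are skipped.

# Constructed sample input (not from a real log). The syslog prefix and the
# host names are assumptions; the parser does not depend on them.
sample_log() {
cat <<'EOF'
Dec  8 10:00:01 mx milter-greylist: jB8F00aa: addr 192.0.2.10 delayed for 00:01:00
Dec  8 10:01:09 mx sm-mta[101]: jB8F01ab: Milter add: header: X-Greylist: Delayed for 00:01:07 by milter-greylist (mx.example.net [192.0.2.1])
Dec  8 10:15:00 mx sm-mta[102]: jB8F15ac: Milter add: header: X-Greylist: Delayed for 00:14:59 by milter-greylist (mx.example.net [192.0.2.1])
Dec  8 10:16:00 mx sm-mta[103]: jB8F16ad: Milter add: header: X-Greylist: Delayed for 00:15:00 by milter-greylist (mx.example.net [192.0.2.1])
Dec  8 11:00:00 mx sm-mta[104]: jB8G00ae: Milter add: header: X-Greylist: Sender IP whitelisted, not delayed by milter-greylist (mx.example.net [192.0.2.1])
Dec  8 13:21:00 mx sm-mta[105]: jB8I21af: Milter add: header: X-Greylist: Delayed for 03:20:45 by milter-greylist (mx.example.net [192.0.2.1])
Dec  8 23:06:00 mx sm-mta[106]: jB8S06ag: Milter add: header: X-Greylist: Delayed for 13:05:00 by milter-greylist (mx.example.net [192.0.2.1])
Dec  9 12:11:00 mx sm-mta[107]: jB9H11ah: Milter add: header: X-Greylist: Delayed for 26:10:30 by milter-greylist (mx.example.net [192.0.2.1])
EOF
}

# Usage: delay_histogram [logfile ...]   (reads stdin when no file is given)
# Prints one "count range" line per bucket, always five lines.
delay_histogram() {
    # Pull out "hh mm ss"; hours may exceed two digits or 24 (assumption:
    # the header keeps counting hours rather than switching to days).
    sed -n 's/.*X-Greylist: Delayed for \([0-9][0-9]*\):\([0-5][0-9]\):\([0-5][0-9]\).*/\1 \2 \3/p' "$@" |
    awk '
        {
            s = $1 * 3600 + $2 * 60 + $3      # delay in seconds
            if      (s <   900) a++           # under 15 minutes
            else if (s <  3600) b++           # 15 minutes to 1 hour
            else if (s < 43200) c++           # 1 hour to 12 hours
            else if (s < 86400) d++           # 12 hours to 24 hours
            else                e++           # 24 hours or more
        }
        END {
            printf "%d < 15mins\n",    a
            printf "%d 15min-1hr\n",   b
            printf "%d 1hr-12hrs\n",   c
            printf "%d 12hrs-24hrs\n", d
            printf "%d >= 24hrs\n",    e
        }'
}

# Stand-alone demonstration on the constructed sample.
sample_log | delay_histogram
```

To run it against a real log, call `delay_histogram /var/log/maillog` instead of the last line.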

Re: [milter-greylist] Re: Learning mode

2005-12-09 by Matt Kettler

Matt Kettler wrote:
> Ugo Bellavance wrote:
> 
>>Would you mind sharing the script you're using to get those stats?

<snip>

> The rest is this script (needs some tweaks for your site's greylist duration:
> 
<snip>

After-thought: The last 6 of those stats assume you're using SpamAssassin (I use
it via mailscanner, but it should work via spamd too) and you've got the
SpamAssassin info rules I previously posted added in.

It's a pretty crude script, but suits my needs nicely.

Re: Learning mode

2005-12-11 by Ugo Bellavance

--- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@e...>
wrote:
>
> Matt Kettler wrote:
> > Ugo Bellavance wrote:
> > 
> >>Would you mind sharing the script you're using to get those stats?
> 
> <snip>
> 
> > The rest is this script (needs some tweaks for your site's greylist duration:
> > 
> <snip>
> 
> After-thought: The last 6 of those stats assume you're using SpamAssassin (I use
> it via mailscanner, but it should work via spamd too) and you've got the
> SpamAssassin info rules I previously posted added in.
> 
> It's a pretty crude script, but suits my needs nicely.
>

Got all that... In fact, I'm surprised that you don't recall me from
the MailScanner list ;).

Thanks a lot for your help, I'm using your script now, it seems to
work well.

Re: [milter-greylist] Re: Learning mode

2005-12-12 by Matt Kettler

Ugo Bellavance wrote:

>>After-thought: The last 6 of those stats assume you're using SpamAssassin (I use
>>it via mailscanner, but it should work via spamd too) and you've got the
>>SpamAssassin info rules I previously posted added in.
>>
>>It's a pretty crude script, but suits my needs nicely.
>>
> 
> 
> Got all that... In fact, I'm surprised that you don't recall me from
> the MailScanner list ;).

I do recall you Ugo. Which is why my original post made no mention of the
requirements.

As an afterthought I felt it necessary to mention the setup required in case
anyone else on the list was interested in using the scripts.

Earthlink bouncing Greylisted messages

2008-01-11 by Bill Levering

Earthlink is causing problems (again).

From what I gather, it is bouncing messages back to the sender as  
undeliverable.

My guess is that there are multiple servers trying to send the  
message, and none of them get auto-whitelisted.

Does anyone know what outgoing server they use? netblock? any other  
ideas.. I just don't want to whitelist earthlink.net.

As someone once said:
There is a shitload of zombied/trojaned/proxied spam machines using  
both their domains as return addresses on the spam.

Thanx,
Bill
>> ------ Forwarded Message
>> From: Mail Delivery System
>> <Mailer-Daemon@...>
>> Date: Fri, 11 Jan 2008 11:36:07 -0500
>> To: <audra@...>
>> Subject: Mail delivery failed: returning message to sender
>>
>> This message was created automatically by mail delivery software.
>>
>> A message that you sent could not be delivered to one or more of its
>> recipients. This is a permanent error. The following address(es)  
>> failed:
>>
>> ed@...
>>   SMTP error from remote mailer after RCPT TO:<ed@...>:
>>   host mail.siriuslink.com [128.121.50.164]: 451 4.7.1 Greylisting in
>> action, please come back later:
>>   retry timeout exceeded
>>
>> ------ This is a copy of the message, including all the headers.  
>> ------
>>
>> Return-path: <audra@...>
>> Received: from [75.172.57.67] (helo=[192.168.0.11])
>> by elasmtp-mealy.atl.sa.earthlink.net with asmtp (Exim 4.34)
>> id 1JDMrR-0000tk-8u; Fri, 11 Jan 2008 11:36:01 -0500
>> User-Agent: Microsoft-Entourage/11.3.3.061214
>> Date: Fri, 11 Jan 2008 08:35:44 -0800
>> Subject: Re: New Associate
>> From: Audra Brown <audra@...>
>> To: Ed Kelly <ed@...>
>> CC: Crystal Rude <Crystal@...>
>> Message-ID: <C3ACDAE0.DD7E%audra@...>
>> Thread-Topic: New Associate
>> Thread-Index: AchUcALLQVSb38BjEdy7FgAX8gIvqg==
>> In-Reply-To: <22912DE3-2AF7-4E5A-A3FF-F2B209B6CAB9@...>
>> Mime-version: 1.0
>> Content-type: multipart/related;
>> boundary="B_3282885346_20349590"
>

Re: Earthlink bouncing Greylisted messages

2008-01-12 by California_Condor

Nope...  When I implemented greylisting, I saw the same problem, so I
asked one of my friends with an earthlink account to test it...

Basically earthlink and mindspring servers treat all 4xx errors as 5xx
errors.  It's a violation of the RFC, and it screws up greylisting.  I
encourage people to move away from non-RFC compliant
mail servers, not only because of greylisting, but because there
really are other legitimate uses of 4xx error codes, and in the case
of earthlink subscribers, their mail won't go through in those cases,
either.

--- In milter-greylist@yahoogroups.com, Bill Levering <idbill@...> wrote:
>
> Earthlink is causing problems (again).
> 
> From what I gather, it is bouncing messages back to the sender as  
> undeliverable.
> 
> My guess is that there are multiple servers trying to send the  
> message, and none of them get auto-whitelisted.
> 
> Does anyone know what outgoing server they use? netblock? any other  
> ideas.. I just don't want to whitelist earthlink.net.
> 
> As someone once said:
> There is a shitload of zombied/trojaned/proxied spam machines using  
> both their domains as return addresses on the spam.
> 
> Thanx,
> Bill
> 
> >> ------ Forwarded Message
> >> From: Mail Delivery System
> >> <Mailer-Daemon@...>
> >> Date: Fri, 11 Jan 2008 11:36:07 -0500
> >> To: <audra@...>
> >> Subject: Mail delivery failed: returning message to sender
> >>
> >> This message was created automatically by mail delivery software.
> >>
> >> A message that you sent could not be delivered to one or more of its
> >> recipients. This is a permanent error. The following address(es)  
> >> failed:
> >>
> >> ed@...
> >>   SMTP error from remote mailer after RCPT TO:<ed@...>:
> >>   host mail.siriuslink.com [128.121.50.164]: 451 4.7.1 Greylisting in
> >> action, please come back later:
> >>   retry timeout exceeded
> >>
> >> ------ This is a copy of the message, including all the headers.  
> >> ------
> >>
> >> Return-path: <audra@...>
> >> Received: from [75.172.57.67] (helo=[192.168.0.11])
> >> by elasmtp-mealy.atl.sa.earthlink.net with asmtp (Exim 4.34)
> >> id 1JDMrR-0000tk-8u; Fri, 11 Jan 2008 11:36:01 -0500
> >> User-Agent: Microsoft-Entourage/11.3.3.061214
> >> Date: Fri, 11 Jan 2008 08:35:44 -0800
> >> Subject: Re: New Associate
> >> From: Audra Brown <audra@...>
> >> To: Ed Kelly <ed@...>
> >> CC: Crystal Rude <Crystal@...>
> >> Message-ID: <C3ACDAE0.DD7E%audra@...>
> >> Thread-Topic: New Associate
> >> Thread-Index: AchUcALLQVSb38BjEdy7FgAX8gIvqg==
> >> In-Reply-To: <22912DE3-2AF7-4E5A-A3FF-F2B209B6CAB9@...>
> >> Mime-version: 1.0
> >> Content-type: multipart/related;
> >> boundary="B_3282885346_20349590"
> >
>
