computers / comp.mail.sendmail / Re: challenge response spam thinking of implementing grey listing,

thinking of implementing grey listing,

<t26f2b$nha$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=408&group=comp.mail.sendmail#408

 by: None - Fri, 1 Apr 2022 09:02 UTC

I was thinking of implementing grey listing, and was wondering if this
idea[1] is still up to date with current standards.

Questions I wonder about when sending the 451 4.7.1 to the sender are:

1. Is the sender required to deliver the message to the same server
(when you have multiple mx records)

2. Is the sender required to use the same from (eg. no idea if @#$#@
like mailchimp change their from
bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)

[1]
https://www.gnu.org.ua/software/mailfromd/manual/mailfromd.html

Re: thinking of implementing grey listing,

<t2i582$qpa$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=415&group=comp.mail.sendmail#415

 by: Grant Taylor - Tue, 5 Apr 2022 19:28 UTC

On 4/1/22 3:02 AM, None wrote:
> I was thinking of implementing grey listing, and was wondering if this
> idea[1] is still up to date with current standards.

I think that grey listing can be very beneficial. I also think that
grey listing can be fraught with problems.

> Questions I wonder about when sending the 451 4.7.1 to the sender are:
>
> 1. Is the sender required to deliver the message to the same server
> (when you have multiple mx records)

That's a good question. IMHO, it's up to you. What requirements do you
want to impose?

In some ways, this is a question of state. As in does each MX have its
own independent state or is the state shared among them? E.g. does
connecting to the first high priority / low numbered MX count as the
grey list for the second not as high priority / not as low numbered MX
or not?

> 2. Is the sender required to use the same from (eg. no idea if @#$#@
> like mailchimp change their from
> bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)

If we stop and think about things for a moment, why would the SMTP
envelope sender or recipient change in between transmission attempts?
As such, I would think that the envelope addresses SHOULD be the same
across transmission attempts.

Now perhaps you are speaking to scoping of the grey listing, as in what
constitutes the tuple that is grey listed; sender, recipient(s), sending
host?

The grey listing filters that I've run over the years have had tunables
to allow me to determine what I wanted to grey list on. I usually see
either the sending host and / or sending domain as the level of
granularity. As in the sending host is grey listed once and anything
from it thereafter is not delayed. Or the sending domain at the sending
host is grey listed once and anything from that domain at that host
thereafter is not delayed.

This data is the state that I was referring to.

After many years of grey listing I switched to no-listing (w/ TCP reset)
which is stateless on the recipient's end. It works by pushing the
state into the sending server's end by causing the sender to properly
retry multiple MXs.

--
Grant. . . .
unix || die

Re: thinking of implementing grey listing,

<t2j92s$u0k$1@news.misty.com>

https://www.novabbs.com/computers/article-flat.php?id=416&group=comp.mail.sendmail#416

 by: Claus Aßmann - Wed, 6 Apr 2022 05:39 UTC

None wrote:

> 1. Is the sender required to deliver the message to the same server
> (when you have multiple mx records)

No, the sender is (in general) required to try all MXs.
That can be fairly annoying if a domain has many MXs and
uses graylisting.

> 2. Is the sender required to use the same from (eg. no idea if @#$#@
> like mailchimp change their from
> bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)

The much more interesting question is whether you include the client
IP address in your graylisting DB -- because that can change.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: thinking of implementing grey listing,

<t2k8s6$7ge$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=417&group=comp.mail.sendmail#417

 by: None - Wed, 6 Apr 2022 14:42 UTC

>> 2. Is the sender required to use the same from (eg. no idea if @#$#@
>> like mailchimp change their from
>> bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)
>
> The much more interesting question is whether you include the client
> IP address in your graylisting DB -- because that can change.
>

yes the ip address is indeed included as a default/example. I am also
questioning if this is acceptable. I already noticed in my own testing
environment that the delivery is being attempted already a few minutes
later on the 2nd mx.

Re: thinking of implementing grey listing,

<t2k8sg$7ge$2@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=418&group=comp.mail.sendmail#418

 by: None - Wed, 6 Apr 2022 14:42 UTC

>>
>> 1. Is the sender required to deliver the message to the same server
>> (when you have multiple mx records)
>
> That's a good question.  IMHO, it's up to you.  What requirements do you
> want to impose?

the default I am currently testing with is $client_addr-$f-$rcpt_addr

> In some ways, this is a question of state.  As in does each MX have its
> own independent state or is the state shared among them?

Indeed! Currently no shared state, just testing how this develops. I
would like to keep it simple for now.

> E.g. does
> connecting to the first high priority / low numbered MX count as the
> grey list for the second not as high priority / not as low numbered MX
> or not?

It is even worse in my setup, with equal priority, a few minutes later
the other mx is being used.

>> 2. Is the sender required to use the same from (eg. no idea if @#$#@
>> like mailchimp change their from
>> bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)
>
> If we stop and think about things for a moment, why would the SMTP
> envelope sender or recipient change in between transmission attempts?

I honestly would not know. I think this is (or going to be) practice of
annoying bulk mail providers, to try and get past detection mechanisms.
(recipient has to stay the same of course)

> As
> such, I would think that the envelope addresses SHOULD be the same
> across transmission attempts.

From some greps in the log files this seems to be the case (still).

> Now perhaps you are speaking to scoping of the grey listing, as in what
> constitutes the tuple that is grey listed; sender, recipient(s), sending
> host?

correct $client_addr-$f-$rcpt_addr is being stored
>
> After many years of grey listing I switched to no-listing (w/ TCP reset)
> which is stateless on the recipient's end.  It works by pushing the
> state into the sending server's end by causing the sender to properly
> retry multiple MXs.
>

I am even receiving spam on mx hosts that I have removed from the dns,
they just archive this info somewhere.

Currently I am trying this setup.

I have my own custom dns bl that is blocking. However some people (even
a bank) are using sendgrid and those emails are now blocked.

So I decided to try and turn the blocking into grey listing, but the
sender is getting a greylist dsn with an api url to the mx host.
Just clicking the link will allow the message to go thru on the next attempt.
In time I will just increase the greylist timeout from now 2h to as high
as I do not receive annoying newsletters/spam or what ever.

Re: thinking of implementing grey listing,

<t2kbjg$4se$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=420&group=comp.mail.sendmail#420

 by: Grant Taylor - Wed, 6 Apr 2022 15:29 UTC

On 4/6/22 8:42 AM, None wrote:
> I am even receiving spam on mx hosts that I have removed from the dns,
> they just archive this info somewhere.

This seems ... unexpected to me.

Have the former MX hosts been removed from DNS for longer than the TTL
at the time of removal? E.g. is there /any/ chance that what you're
seeing is results of cached DNS queries?

I'd apply some Nyquist frequency mentality and make sure that you wait
/at/ /least/ 2 x the TTL to make sure that's not a problem.

> So I decided to try and turn the blocking into grey listing, but the
> sender is getting a greylist dsn with an api url to the mx host.
> Just clicking the link will allow the message to go thru on the next attempt.

I would discourage relying on information from your SMTP delay actually
being surfaced back to the end user. I've found that such information
frequently doesn't make it to the end user. Even when it does make it
to the end user, chances are quite good that they will not know what to
do with it.

> In time I will just increase the greylist timeout from now 2h to as high
> as I do not receive annoying newsletters/spam or what ever.

Two hours seems quite high in my opinion. I think I used 5 - 15 minutes
when I was still using grey listing.

--
Grant. . . .
unix || die

Re: thinking of implementing grey listing,

<t2kbq7$ej9$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=421&group=comp.mail.sendmail#421

 by: Grant Taylor - Wed, 6 Apr 2022 15:32 UTC

On 4/6/22 8:42 AM, None wrote:
> yes the ip address is indeed included as a default/example. I am also
> questioning if this is acceptable.

I would discourage using the IP (/32 or /128) in the tuple. I'm not
aware of any hint of any requirement that sending systems re-try from
the same IP.

Consider a cluster of systems functioning as an outgoing MX that have a
shared mail spool. Each system would have its own IP address. As
such, messages could be re-tried from different systems / different IPs.

I think the grey listing systems that I used to use had options to
filter on a netmask to accommodate this type of thing.

> I already noticed in my own testing environment that the delivery is
> being attempted already a few minutes later on the 2nd mx.

That doesn't surprise me. I don't recall anything beyond a vague
recommendation as to how often sending systems should process their
queue, just that they do process their queue. So, a few minutes later
seems to be ... fairly normal.

--
Grant. . . .
unix || die

Re: thinking of implementing grey listing,

<t2kg25$1ojf$2@gal.iecc.com>

https://www.novabbs.com/computers/article-flat.php?id=422&group=comp.mail.sendmail#422

 by: John Levine - Wed, 6 Apr 2022 16:44 UTC

According to Grant Taylor <gtaylor@tnetconsulting.net>:
>On 4/6/22 8:42 AM, None wrote:
>> I am even receiving spam on mx hosts that I have removed from the dns,
>> they just archive this info somewhere.
>
>This seems ... unexpected to me.

It shouldn't be. For some reason many spambots have hard coded obsolete
lists of MXes built into them. I see a trickle of spam to hosts that
stopped being MXes years ago.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Re: thinking of implementing grey listing,

<t2kh83$1tg3$1@gal.iecc.com>

https://www.novabbs.com/computers/article-flat.php?id=423&group=comp.mail.sendmail#423

 by: John Levine - Wed, 6 Apr 2022 17:05 UTC

According to Claus Aßmann <INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org>:
>None wrote:
>
>> 1. Is the sender required to deliver the message to the same server
>> (when you have multiple mx records)
>
>No, the sender is (in general) required to try all MXs.
>That can be fairly annoying if a domain has many MXs and
>uses graylisting.

If you have multiple MXes at the same priority, they need to share the greylist database.

>> 2. Is the sender required to use the same from (eg. no idea if @#$#@
>> like mailchimp change their from
>> bounce-mc.us5_10712807.8832082-dfaa67f206@mail154.atl121.mcsv.net)

In my experience the envelope doesn't change. For a while I tried a greylister
that did 4xx at the end of data and remembered a checksum of the message, and
found that some bulk mailers regenerate the message so it has new timestamps.

>The much more interesting question is whether you include the client
>IP address in your graylisting DB -- because that can change.

Definitely. I find it adequate to fuzz IPv4 addresses to the /24 and v6 to the /64.

Remember that greylisting is not a FUSSP. It's just a way to see whether a mail client
knows how to retry after a soft reject. Once it does that, there's no point in further
greylisting the same source.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Re: thinking of implementing grey listing,

<t2ki2u$mqj$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=424&group=comp.mail.sendmail#424

 by: Grant Taylor - Wed, 6 Apr 2022 17:19 UTC

On 4/6/22 10:44 AM, John Levine wrote:
> It shouldn't be. For some reason many spambots have hard coded
> obsolete lists of MXes built into them. I see a trickle of spam to
> hosts that stopped being MXes years ago.

On one hand this /really/ surprises me.

Though on the other hand, I can see why they might have hard coded MXs
as an optimization to avoid DNS lookups for large target domains.

I'd be fairly shocked if the hard coded lists of MXs included many
digits of target domains. -- Insert some comment about logarithmic
level of surprise for the number of target domains.

--
Grant. . . .
unix || die

Re: thinking of implementing grey listing,

<t2kidq$jvm$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=425&group=comp.mail.sendmail#425

 by: Grant Taylor - Wed, 6 Apr 2022 17:25 UTC

On 4/6/22 11:05 AM, John Levine wrote:
> If you have multiple MXes at the same priority, they need to share
> the greylist database.

I like that distinction / clarification.

> For a while I tried a greylister that did 4xx at the end of data
> and remembered a checksum of the message, and found that some bulk
> mailers regenerate the message so it has new timestamps.

Ew.

> It's just a way to see whether a mail client knows how to retry
> after a soft reject. Once it does that, there's no point in further
> greylisting the same source.

I largely agree.

Though I do think that I'd put an upper bound on how long I'd retain
that state. -- I usually had my systems configured such that this
information was volatile and did not persist across daemon invocations.
I found that an additional turn through the grey list once every couple
of months wasn't a problem and didn't noticeably add to the overall
average delay.

--
Grant. . . .
unix || die

Re: thinking of implementing grey listing,

<t2kkup$2fap$1@gal.iecc.com>

https://www.novabbs.com/computers/article-flat.php?id=426&group=comp.mail.sendmail#426

 by: John Levine - Wed, 6 Apr 2022 18:08 UTC

According to Grant Taylor <gtaylor@tnetconsulting.net>:
>> It's just a way to see whether a mail client knows how to retry
>> after a soft reject. Once it does that, there's no point in further
>> greylisting the same source.
>
>I largely agree.
>
>Though I do think that I'd put an upper bound on how long I'd retain
>that state. -- I usually had my systems configured such that this
>information was volatile and did not persist across daemon invocations.
>I found that an additional turn through the grey list once every couple
>of months wasn't a problem and didn't noticeably add to the overall
>average delay.

Mine ages out after 90 days to keep the file from filling up with obsolete
junk. I agree that one extra greylist every few months is not a big deal.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
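
Added example, not code from any poster in this thread or from mailfromd: a minimal greylist decision function combining the points made in the posts above (client address fuzzed to /24 for IPv4 and /64 for IPv6, one database shared by all MXes, no further greylisting of a source that has retried once, passed sources aged out after 90 days). The 10-minute delay, the 2-day pending expiry, ageing from last use, and every address and host name in the sample data are assumptions or constructed values.

```python
import ipaddress

DELAY = 10 * 60          # assumption: retry accepted after 10 min (thread mentions 5-15 min)
PENDING_TTL = 2 * 86400  # assumption: forget triplets that were never retried within 2 days
SOURCE_TTL = 90 * 86400  # passed sources age out after 90 days (counted from last use, an assumption)


def fuzz_ip(addr, fuzz=True):
    """Greylist key for a client address: the /24 (IPv4) or /64 (IPv6) it belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped              # treat ::ffff:a.b.c.d as plain IPv4
    if not fuzz:
        return str(ip)                   # exact-IP key, like $client_addr
    prefix = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def norm_addr(addr):
    """Lowercase only the domain part; the null sender "" is returned unchanged."""
    local, at, domain = addr.rpartition("@")
    return f"{local}{at}{domain.lower()}"


class Greylist:
    """State for one greylist database (shared by all MXes, or one per MX)."""

    def __init__(self, fuzz=True):
        self.fuzz = fuzz
        self.pending = {}   # (source, sender, recipient) -> time first seen
        self.passed = {}    # source -> time last seen after it proved it retries

    def expire(self, now):
        self.pending = {k: t for k, t in self.pending.items() if now - t < PENDING_TTL}
        self.passed = {k: t for k, t in self.passed.items() if now - t < SOURCE_TTL}

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for RCPT TO: 250 (accept) or 451 (try later)."""
        self.expire(now)
        src = fuzz_ip(client_ip, self.fuzz)
        if src in self.passed:           # source already retried once: no more delay
            self.passed[src] = now
            return 250
        key = (src, norm_addr(mail_from), norm_addr(rcpt_to))
        first_seen = self.pending.setdefault(key, now)
        if now - first_seen < DELAY:     # first attempt, or retry that came too early
            return 451
        del self.pending[key]            # proper retry: accept and remember the source
        self.passed[src] = now
        return 250


def replay(attempts, shared=True, fuzz=True):
    """Run (time, mx, client_ip, mail_from, rcpt_to) attempts; return the reply codes."""
    one_db, per_mx, codes = Greylist(fuzz), {}, []
    for now, mx, ip, sender, rcpt in attempts:
        db = one_db if shared else per_mx.setdefault(mx, Greylist(fuzz))
        codes.append(db.check(ip, sender, rcpt, now))
    return codes


# Constructed sample traffic (documentation address ranges, example domains).
ATTEMPTS = [
    # first attempt, lands on mx1
    (0, "mx1", "192.0.2.10", "bounce-1@bulk.example", "user@example.org"),
    # retry 15 min later: other MX, other host of the same sending cluster
    (900, "mx2", "192.0.2.77", "bounce-1@bulk.example", "user@example.org"),
    # new message from the source that has already retried successfully
    (1000, "mx1", "192.0.2.10", "bounce-2@bulk.example", "other@example.org"),
    # same source again after more than 90 days of silence
    (1000 + 91 * 86400, "mx1", "192.0.2.10", "bounce-3@bulk.example", "user@example.org"),
]

if __name__ == "__main__":
    print("shared DB, fuzzed IP :", replay(ATTEMPTS, shared=True, fuzz=True))
    print("per-MX DB, fuzzed IP :", replay(ATTEMPTS, shared=False, fuzz=True))
    print("shared DB, exact IP  :", replay(ATTEMPTS, shared=True, fuzz=False))
```

With per-MX state or an exact-IP key, the legitimate retry in the second attempt is deferred again, which is the failure the thread warns about for equal-priority MXes and clustered senders.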

Re: thinking of implementing grey listing,

<t2nm9n$dma$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=427&group=comp.mail.sendmail#427

 by: None - Thu, 7 Apr 2022 21:49 UTC

>
>> For a while I tried a greylister that did 4xx at the end of data and
>> remembered a checksum of the message, and found that some bulk mailers
>> regenerate the message so it has new timestamps.
>

Yes I can understand that, I have noticed that spamassassin is starting
to complain about the time/dates in the messages.

Re: thinking of implementing grey listing,

<t2nnj1$hat$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=428&group=comp.mail.sendmail#428

From: hzcnjkx...@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: Re: thinking of implementing grey listing,
Date: Fri, 8 Apr 2022 00:11:42 +0200
Organization: A noiseless patient Spider
Message-ID: <t2nnj1$hat$1@dont-email.me>
References: <t26f2b$nha$1@dont-email.me>
<t2i582$qpa$1@tncsrv09.home.tnetconsulting.net> <t2k8sg$7ge$2@dont-email.me>
<t2kbjg$4se$1@tncsrv09.home.tnetconsulting.net>
In-Reply-To: <t2kbjg$4se$1@tncsrv09.home.tnetconsulting.net>
 by: None - Thu, 7 Apr 2022 22:11 UTC

>> So I decided to try and turn the blocking into grey listing, but the
>> sender is getting a greylist dsn with an api url to the mx host.
>> Just clicking the link will allow the message go thru on the next
>> attempt.
>
> I would discourage relying on information from your SMTP delay actually
> being surfaced back to the end user.  I've found that such information
> frequently doesn't make it to the end user.  Even when it does make it
> to the end user, chances are quite good that they will not know what to
> do with it.

Currently I am just rejecting the messages if they originate from an ip
in the dns blacklist (most of these emails are crap). Compared to that I
think it is nice to relay back to some real valid users/message an
option to click a link.

If they start complaining, I can say look at the email,
If they do not understand, I can say click the link,
If they do not have the email, then I can say the $f is supposed to be a
route-able address, complain to your provider for not maintaining the
standard, make them forward your message.

In my current situation I have not really a solution. Other than to
remove the dns blacklist entry, probably forced to do this for a large
range of ip's, which results in getting more spam from this network.
(in the case of randomized $f, I have already an email whitelist)

Re: challenge response spam thinking of implementing grey listing,

<t2o0g9$k9g$1@gal.iecc.com>

https://www.novabbs.com/computers/article-flat.php?id=429&group=comp.mail.sendmail#429

From: joh...@taugh.com (John Levine)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Fri, 8 Apr 2022 00:43:53 -0000 (UTC)
Organization: Taughannock Networks
Message-ID: <t2o0g9$k9g$1@gal.iecc.com>
References: <t26f2b$nha$1@dont-email.me> <t2i582$qpa$1@tncsrv09.home.tnetconsulting.net> <t2k8sg$7ge$2@dont-email.me>
In-Reply-To: <t26f2b$nha$1@dont-email.me> <t2i582$qpa$1@tncsrv09.home.tnetconsulting.net> <t2k8sg$7ge$2@dont-email.me>
 by: John Levine - Fri, 8 Apr 2022 00:43 UTC

According to None <hzcnjkx656@tormails.com>:
>So I decided to try and turn the blocking into grey listing, but the
>sender is getting a greylist dsn with an api url to the mx host.
>Just clicking the link will allow the message go thru on the next attempt.

That is a bad idea unless you want to find yourself widely blocked.

Most spam has forged return addresses, so you're sending those
challenges to random strangers who never sent you mail and will
correctly interpret your challenges as spam from you, and act
accordingly.

This sort of challenge-response nonsense was somewhat popular 20 years
ago but I thought it was mostly eradicated by now.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Re: challenge response spam thinking of implementing grey listing,

<t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=430&group=comp.mail.sendmail#430

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Thu, 7 Apr 2022 22:01:35 -0600
Organization: TNet Consulting
Message-ID: <t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net>
References: <t26f2b$nha$1@dont-email.me>
<t2i582$qpa$1@tncsrv09.home.tnetconsulting.net> <t2k8sg$7ge$2@dont-email.me>
<t2o0g9$k9g$1@gal.iecc.com>
In-Reply-To: <t2o0g9$k9g$1@gal.iecc.com>
 by: Grant Taylor - Fri, 8 Apr 2022 04:01 UTC

On 4/7/22 6:43 PM, John Levine wrote:
> That is a bad idea unless you want to find yourself widely blocked.

I think that you're talking about something different than my
understanding of what the OP is talking about.

> This sort of challenge-response nonsense was somewhat popular 20
> years ago but I thought it was mostly eradicated by now.

My understanding is that the OP is returning custom error messages
during the initial SMTP transaction and /NOT/ sending independent
challenge-response messages.

--
Grant. . . .
unix || die

Re: challenge response spam thinking of implementing grey listing,

<t2oppl$351$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=431&group=comp.mail.sendmail#431

From: hzcnjkx...@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Fri, 8 Apr 2022 09:55:31 +0200
Organization: A noiseless patient Spider
Message-ID: <t2oppl$351$1@dont-email.me>
References: <t26f2b$nha$1@dont-email.me>
<t2i582$qpa$1@tncsrv09.home.tnetconsulting.net> <t2k8sg$7ge$2@dont-email.me>
<t2o0g9$k9g$1@gal.iecc.com> <t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net>
In-Reply-To: <t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net>
 by: None - Fri, 8 Apr 2022 07:55 UTC

> My understanding is that the OP is returning custom error messages
> during the initial SMTP transaction and /NOT/ sending independent
> challenge-response messages.
>

Indeed, indeed, I was actually wondering if there is a difference in how
4xx errors are being treated (in regards to relaying this back to the
sender). Currently I am getting a notification after 4h, while 5xx are
instant.

The alternative would be storing the message locally, sending a 5xx
error with a link to allow the message archived thru.
Although I am clueless on how to re-initiate the process of delivery
from these stored emails. With the greylisting I can just wait for the
sender to solve this for me.

Re: challenge response spam thinking of implementing grey listing,

<t2oqb5$dqq$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=432&group=comp.mail.sendmail#432

From: hzcnjkx...@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Fri, 8 Apr 2022 10:04:51 +0200
Organization: A noiseless patient Spider
Message-ID: <t2oqb5$dqq$1@dont-email.me>
References: <t26f2b$nha$1@dont-email.me>
<t2i582$qpa$1@tncsrv09.home.tnetconsulting.net> <t2k8sg$7ge$2@dont-email.me>
<t2o0g9$k9g$1@gal.iecc.com>
In-Reply-To: <t2o0g9$k9g$1@gal.iecc.com>
 by: None - Fri, 8 Apr 2022 08:04 UTC

> Most spam has forged return addresses, so you're sending those
> challenges to random strangers who never sent you mail and will
> correctly interpret your challenges as spam from you, and act
> accordingly.
>
> This sort of challenge-response nonsense was somewhat popular 20 years
> ago but I thought it was mostly eradicated by now.
>

I was actually thinking the same. However I think currently this option
is getting more available than in the past. You could do this only for
mail received from senders that have valid spf settings for sure -all
but maybe also the ~all.

Re: challenge response spam thinking of implementing grey listing,

<t2pvng$i9h$1@gal.iecc.com>

https://www.novabbs.com/computers/article-flat.php?id=433&group=comp.mail.sendmail#433

From: joh...@taugh.com (John Levine)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Fri, 8 Apr 2022 18:42:56 -0000 (UTC)
Organization: Taughannock Networks
Message-ID: <t2pvng$i9h$1@gal.iecc.com>
References: <t26f2b$nha$1@dont-email.me> <t2o0g9$k9g$1@gal.iecc.com> <t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net> <t2oppl$351$1@dont-email.me>
In-Reply-To: <t26f2b$nha$1@dont-email.me> <t2o0g9$k9g$1@gal.iecc.com> <t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net> <t2oppl$351$1@dont-email.me>
 by: John Levine - Fri, 8 Apr 2022 18:42 UTC

According to None <hzcnjkx656@tormails.com>:
>Indeed, indeed, I was actually wondering if there is a difference in how
>4xx errors are being treated (in regards relaying this back to the
>sender) Currently I am getting a notification after 4h. While 5xx are
>instant.

Oh, OK. That's shooting yourself in the foot. Approximately nobody
notifies users about 4xx rejections unless they repeat long enough
(days) that the message times out.

>The alternative would be storing the message locally, sending a 5xx
>error with a link to allow the message archived thru.

I think that's shooting yourself in the other foot. If your rejection
shows up in a person's mailbox, they'll probably think it is a weird
phish and ignore it. But a lot of entirely legit mail does not
come from people, like newsletters and order confirmations for
stuff you've bought. Those 5xx will be seen by nobody and the
mail will just disappear.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Re: challenge response spam thinking of implementing grey listing,

<t2qi0v$3sg$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=434&group=comp.mail.sendmail#434

From: hzcnjkx...@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Sat, 9 Apr 2022 01:55:09 +0200
Organization: A noiseless patient Spider
Message-ID: <t2qi0v$3sg$1@dont-email.me>
References: <t26f2b$nha$1@dont-email.me> <t2o0g9$k9g$1@gal.iecc.com>
<t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net> <t2oppl$351$1@dont-email.me>
<t2pvng$i9h$1@gal.iecc.com>
In-Reply-To: <t2pvng$i9h$1@gal.iecc.com>
 by: None - Fri, 8 Apr 2022 23:55 UTC

On 08/04/2022 20:42, John Levine wrote:
> According to None <hzcnjkx656@tormails.com>:
>> Indeed, indeed, I was actually wondering if there is a difference in how
>> 4xx errors are being treated (in regards relaying this back to the
>> sender) Currently I am getting a notification after 4h. While 5xx are
>> instant.
>
> Oh, OK. That's shooting yourself in the foot. Approximately nobody
> notifies users about 4xx rejections unless they repeat long enough
> (days) that the message times out.
>

Indeed, looks like that. Even error codes about the amount of recipients
being too high are not directly relayed back to the sender.
One would think that such required 'manual' alteration would be notified
immediately. But I will try a few others.

>> The alternative would be storing the message locally, sending a 5xx
>> error with a link to allow the message archived thru.
>
> I think that's shooting yourself in the other foot. If your rejection
> shows up in a person's mailbox, they'll probably think it is a weird
> phish and ignore it.

From my experience I can not really conclude people are not reading the
error messages.
Even if, I can't be blamed if someone else is failing to read something.
Next time they read it, when they want to get thru.

> But a lot of entirely legit mail does not
> come from people, like newsletters and order confirmations for
> stuff you've bought. Those 5xx will be seen by nobody and the
> mail will just disappear.

Yes that is a really weird concept "I can contact you, but you are not
allowed to contact me". I can't wait for the legislation where the
noreply@... stuff is being banned.

Companies/users that send from spamming networks, I offer ip
whitelisting (when they get dedicated ip), email address (envelope from)
white listing, and now a link in a dsn.
I think that is quite a nice service towards people being cheap sending
via third rate services.

Re: challenge response spam thinking of implementing grey listing,

<t2qqgl$mpa$1@gal.iecc.com>

https://www.novabbs.com/computers/article-flat.php?id=435&group=comp.mail.sendmail#435

From: joh...@taugh.com (John Levine)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Sat, 9 Apr 2022 02:20:05 -0000 (UTC)
Organization: Taughannock Networks
Message-ID: <t2qqgl$mpa$1@gal.iecc.com>
References: <t26f2b$nha$1@dont-email.me> <t2oppl$351$1@dont-email.me> <t2pvng$i9h$1@gal.iecc.com> <t2qi0v$3sg$1@dont-email.me>
In-Reply-To: <t26f2b$nha$1@dont-email.me> <t2oppl$351$1@dont-email.me> <t2pvng$i9h$1@gal.iecc.com> <t2qi0v$3sg$1@dont-email.me>
 by: John Levine - Sat, 9 Apr 2022 02:20 UTC

According to None <hzcnjkx656@tormails.com>:
>> But a lot of entirely legit mail does not
>> come from people, like newsletters and order confirmations for
>> stuff you've bought. Those 5xx will be seen by nobody and the
>> mail will just disappear.
>
>Yes that is a really weird concept "I can contact you, but you are not
>allowed to contact me". I can't wait for the legislation where the
>noreply@... stuff is being banned.

Um, you are aware of the difference between the envelope and the
message header, I hope?

Those 5xx rejection messages go to the envelope address. Every
discussion list hosted by Mailman or Sympa or LISTSERV sends the
bounces to a robot that tries to figure out what the problem was and
prune addresses that bounce consistently. Ditto any competent
bulk message or transaction system. That has nothing to do with the
address in the From header to which manual replies would be sent.

Really, you can shoot yourself in the foot if you want, but I can't recommend it.
Greylisting is pretty effective as a way to tell whether you're talking to a real
MTA or a spambot. But that's all it does.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

Re: challenge response spam thinking of implementing grey listing,

<t2rrnh$ctb$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=436&group=comp.mail.sendmail#436

From: hzcnjkx...@tormails.com (None)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Sat, 9 Apr 2022 13:46:56 +0200
Organization: A noiseless patient Spider
Message-ID: <t2rrnh$ctb$1@dont-email.me>
References: <t26f2b$nha$1@dont-email.me> <t2oppl$351$1@dont-email.me>
<t2pvng$i9h$1@gal.iecc.com> <t2qi0v$3sg$1@dont-email.me>
<t2qqgl$mpa$1@gal.iecc.com>
In-Reply-To: <t2qqgl$mpa$1@gal.iecc.com>
 by: None - Sat, 9 Apr 2022 11:46 UTC

>
> Um, you are aware of the difference between the envelope and the
> message header, I hope?
>

Yes. yes. Currently my reasons for using this are
- envelope should be route-able, from: idk (only skipped a bit through
these rfc's)
- most 'normal' email have an envelope = from:
- spf check results are already available
- automated systems (not made in India) are expecting errors there and
most likely have some sort of exception handling that tries to report
something back (on a web interface).

> Those 5xx rejection messages go to the envelope address. Every
> discussion list hosted by Mailman or Sympa or LISTSERV sends the
> bounces to a robot that tries to figure out what the problem was and
> prune addresses that bounce consistently. Ditto any competent
> bulk message or transaction system. That has nothing to do with the
> address in the From header to which manual replies would be sent.

I will have to test between these two. I am more and more thinking about
dumping all the email traffic in something like prometheus/influx, so I
can compare and graph the results better over time.

Re: challenge response spam thinking of implementing grey listing,

<t331rr$set$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=437&group=comp.mail.sendmail#437

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Mon, 11 Apr 2022 23:15:09 -0600
Organization: TNet Consulting
Message-ID: <t331rr$set$1@tncsrv09.home.tnetconsulting.net>
References: <t26f2b$nha$1@dont-email.me>
<t2i582$qpa$1@tncsrv09.home.tnetconsulting.net> <t2k8sg$7ge$2@dont-email.me>
<t2o0g9$k9g$1@gal.iecc.com> <t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net>
<t2oppl$351$1@dont-email.me>
In-Reply-To: <t2oppl$351$1@dont-email.me>
 by: Grant Taylor - Tue, 12 Apr 2022 05:15 UTC

On 4/8/22 1:55 AM, None wrote:
> Indeed, indeed, I was actually wondering if there is a difference in how
> 4xx errors are being treated (in regards relaying this back to the
> sender)

That's tricky. On one hand, you've got problems with what the MUA will
surface up from the (failed) SMTP transaction with the MSA to the end
user through the UI. On the other hand, you've got problems with what
sort of DSN / bounce the downstream MTA will return to the purported
envelope sender, combined with how does the MUA display DSNs / bounces
that it recognizes. I've seen both ends of the spectrum of both
failures. In short, you can't rely on anything being remotely usable,
much less understandable by the lay person.

> Currently I am getting a notification after 4h. While 5xx are instant.

That makes sense to me. 4xx errors means the server thinks "maybe I can
get the message through later, I should retry before giving up and
telling the boss." Conversely 5xx errors mean the server thinks "I
won't be able to get this message through, I should tell the boss now".

> The alternative would be storing the message locally, sending a 5xx
> error with a link to allow the message archived thru.

I *STRONGLY* discourage this. Without any form of validation of the
purported SMTP envelope, you are almost certainly going to end up
sending what amounts to spam back to spoofed senders. -- Joe Job and
snow shoe spam come to mind.

> Although I am clueless on how to re-initiate the process of delivery
> from these stored emails. With the greylisting I can just wait for the
> sender to solve this for me.

You can tell Sendmail to process message(s) in the local mail queue
based on different criteria.

There's not much you can do to remote servers sending to you. If you
know which server it is, you could theoretically issue an ETRN for your
domain. But ... that's going to be fraught with problems. -- I've
used ETRN from my primary SMTP server to ask my secondary SMTP server to
initiate queue processes after un-wedging something ($MILTER with its
bits in a jam) on the primary.

--
Grant. . . .
unix || die

Re: challenge response spam thinking of implementing grey listing,

<t3335o$54o$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=438&group=comp.mail.sendmail#438

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Mon, 11 Apr 2022 23:37:30 -0600
Organization: TNet Consulting
Message-ID: <t3335o$54o$1@tncsrv09.home.tnetconsulting.net>
References: <t26f2b$nha$1@dont-email.me> <t2o0g9$k9g$1@gal.iecc.com>
<t2oc1v$h0q$1@tncsrv09.home.tnetconsulting.net> <t2oppl$351$1@dont-email.me>
<t2pvng$i9h$1@gal.iecc.com> <t2qi0v$3sg$1@dont-email.me>
In-Reply-To: <t2qi0v$3sg$1@dont-email.me>
 by: Grant Taylor - Tue, 12 Apr 2022 05:37 UTC

On 4/8/22 5:55 PM, None wrote:
> Indeed, looks like that. Even error codes about the amount of recipients
> being too high are not directly relayed back to the sender.

It depends on what "amount of recipients being too high" means. It
could be too many recipients for the given message, which I would expect
to cause an immediate permanent 5xx failure. Or it could be "we've seen
too many messages / different recipients from this sending server,
please try again later." which is akin to grey listing and shouldn't
cause an error.

> One would think that such required 'manual' alteration would be notified
> immediately. But I will try a few others.

It depends on what it is. There's a lot of subtlety to it.

> From my experience I can not really conclude people are not reading the
> error messages.

My experience is that people see /something/ -- it doesn't matter what
it is -- that is not the positive / affirmative result they are used to,
and freeze up or glaze over or otherwise fail to make sense of it.

Years ago I created a text message for a log in script that said:

--8<--
Call the help desk at 7220 and tell them "My computer says it needs to
be scanned." -- This message will no longer pop up after your computer
has been scanned.
-->8--

Once a month I'd have someone that would stop me while I was out working
on computers saying something like "my computer has this message that
pops up". I'd see what it was and ask them to read it to me. They
would read it without processing it and then ask "what do I need to do".
To which I'd tell them to read it again for the answer to that very
question. We'd go back and forth between one and three times. Usually
it ended with them saying "so I've been putting up with this message for
many months when all I needed to do was to call the help desk and say
one thing?!?!?!" to which I'd say "yes".

Sometimes they'd ask me to fix things while I was there. I'd tell them
that I can't, and that they would need to follow the directions on their
screen.

You can lead a horse to water, but you can't make it drink. People have
to want to help themselves.

> Even if, I can't be blamed if someone else is failing to read something.

Oh, trust me, you can be blamed.

I ran into all sorts of excuses as to why people didn't read the
message. "It's a computer error...." or "errors are for technicians..."
or the likes.

> Next time they read it, when they want to get thru.

Yep.

"Tar is cowardly refusing to create an empty archive."

The reasoning for the error is staring you in the face. But you have to
be able to see past the trees to appreciate the forest.

> Yes that is a really weird concept "I can contact you, but you are not
> allowed to contact me". I can't wait for the legislation where the
> noreply@... stuff is being banned.

Banning it won't be any more effective than banning spam / viruses /
other computer crime.

I have always believed that each and every noreply@ bull shit is a
missed opportunity. It's relatively easy to encode all sorts of
information about what sent the message using VERP. It's fairly easy to
use a legitimate From: header, VERP like or otherwise. It's
ridiculously simple stupid to use a Reply-To: header to re-direct the
inevitable reply to somewhere useful, even if it's just an info@ type
positional address that a robot looks at before a human does.

Aside: You can even do something to indicate to the robot that this
message is from someone that has received a message from the company.
If you're smart about it, you can encode information about the message
that the reply is from, thus who the message was sent to that is being
replied to that generated the message that the robot is processing.

Maybe it's just me, but I don't think this is hard by any stretch of the
imagination.

noreply@ bull shit is a wasted opportunity.

> Companies/users that send from spamming networks, I offer ip
> whitelisting (when they get dedicated ip), email address (envelope from)
> white listing, and now a link in a dsn.
> I think that is quite a nice service towards people being cheap sending
> via third rate services.

I'll give you kudos to the link in the DSN. Props if the link encodes
details to partially fill out a form. ;-)

Aside: Be careful with the link. Don't obfuscate things. Let people
see what is being sent. It's good will or anti bad will. Also,
authenticate what is sent & comes in so that someone can't get up to
mischief.

--
Grant. . . .
unix || die
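The advice in this post to keep the link readable and to authenticate what comes back, sketched as an added example (not code from the thread or from any poster's system). The endpoint URL, the parameter names, the 24-hour lifetime and the server-side secret are all assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

BASE_URL = "https://mx.example.net/greylist/allow"  # hypothetical endpoint
LINK_TTL = 24 * 3600                                # assumption: links live 24 hours
FIELDS = {"ip", "sender", "expires", "sig"}         # hypothetical parameter names


def _sign(key, ip, sender, expires):
    """HMAC-SHA256 over the visible fields, length-prefixed to avoid ambiguity."""
    parts = (ip.encode(), sender.encode(), str(expires).encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_link(key, ip, sender, now):
    """Build the URL placed in the deferral text; every signed value is in the clear."""
    expires = int(now) + LINK_TTL
    query = urlencode({
        "ip": ip,
        "sender": sender,
        "expires": expires,
        "sig": _sign(key, ip, sender, expires),
    })
    return f"{BASE_URL}?{query}"


def verify_link(key, url, now):
    """Return (ip, sender) for a genuine, unexpired link, otherwise None."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    fields = dict(params)
    # Reject missing, extra or repeated parameters outright.
    if len(params) != len(FIELDS) or set(fields) != FIELDS:
        return None
    exp = fields["expires"]
    if not (exp.isascii() and exp.isdigit()):
        return None
    expires = int(exp)
    expected = _sign(key, fields["ip"], fields["sender"], expires)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), fields["sig"].encode()):
        return None
    if now > expires:
        return None
    return fields["ip"], fields["sender"]


# Constructed sample values (documentation address ranges, made-up key).
DEMO_KEY = b"demo-key-for-illustration-only!!"
DEMO_LINK = make_link(DEMO_KEY, "192.0.2.10", "alice@example.org", now=1000)

if __name__ == "__main__":
    print(DEMO_LINK)
    print(verify_link(DEMO_KEY, DEMO_LINK, now=2000))
```

Because the signature covers the client IP and the envelope sender, a link issued for one deferred message cannot be edited to whitelist a different address or sender.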

Re: challenge response spam thinking of implementing grey listing,

<t333io$ef6$1@tncsrv09.home.tnetconsulting.net>

https://www.novabbs.com/computers/article-flat.php?id=439&group=comp.mail.sendmail#439

From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.mail.sendmail
Subject: Re: challenge response spam thinking of implementing grey listing,
Date: Mon, 11 Apr 2022 23:44:27 -0600
Organization: TNet Consulting
Message-ID: <t333io$ef6$1@tncsrv09.home.tnetconsulting.net>
References: <t26f2b$nha$1@dont-email.me> <t2oppl$351$1@dont-email.me>
<t2pvng$i9h$1@gal.iecc.com> <t2qi0v$3sg$1@dont-email.me>
<t2qqgl$mpa$1@gal.iecc.com> <t2rrnh$ctb$1@dont-email.me>
In-Reply-To: <t2rrnh$ctb$1@dont-email.me>
 by: Grant Taylor - Tue, 12 Apr 2022 05:44 UTC

On 4/9/22 5:46 AM, None wrote:
> Yes. yes. Currently my reasons for using this are
> - envelope should be route-able, from: idk (only skipped a bit through
> these rfc's)

I believe the envelope sender is an opportunity to encode debugging
information. E.g. VERP.

I believe that there are other SMTP options that are woefully under
used; ORCPT, notify, etc.

> - most 'normal' email have an envelope = from:

Maybe. Don't rely on it.

> - spf check results are already available
> - automated systems (not made in India) are expecting errors there and
> most likely have some sort of exception handling that tries to report
> something back (on a web interface).

I feel the need to state that there is a big difference in what happens
during the SMTP transaction vs what happens after. Rejecting the
message during the SMTP transaction leaves the responsibility with the
sending system, thus putting it on the hook for undesirable behavior.
Bouncing after accepting a message means that you are on the hook for
the undesirable behavior. -- Focus on what you can influence. Reject
at SMTP time if possible.

> I will have to test between these two. I am more and more thinking about
> dumping all the email traffic in something like prometheus/influx, so I
> can compare and graph the results better over time.

I'll take John's statement one step further. I prefer it when the
sending system (CRM et al.) is actually the SMTP client so that it has
/direct/ visibility into things. Sometimes it's possible to learn
/more/ information /faster/ than having things loop through an
intermediate SMTP relay. Especially if the receiving system uses proper
or enhanced status codes.

--
Grant. . . .
unix || die
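
The VERP suggestion made in both posts above, combined with the advice to authenticate what comes back in, sketched as an added example that is not part of the thread or of any poster's setup. The address layout (`bounce-<msgid>-<tag>-<local>=<domain>`), the key and the bounce domain are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration; none of these come from the thread.
SECRET = b"constructed-demo-key-rotate-in-production"
BOUNCE_DOMAIN = "bounces.example.net"
TAG_LEN = 16  # hex characters of HMAC-SHA256 kept in the address


def _tag(msg_id: str, recipient: str) -> str:
    """Truncated HMAC over the fields the address carries (case-folded,
    because relays may lowercase the local part in transit)."""
    data = f"{msg_id}\n{recipient}".lower().encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:TAG_LEN]


def verp_encode(msg_id: str, recipient: str) -> str:
    """Build a readable, signed envelope sender for one recipient of one message."""
    if not msg_id.isalnum():
        raise ValueError("msg_id must be alphanumeric so '-' stays a field separator")
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local or not domain or "=" in domain:
        raise ValueError("recipient must look like local@domain")
    tag = _tag(msg_id, recipient)
    return f"bounce-{msg_id}-{tag}-{local}={domain}@{BOUNCE_DOMAIN}"


def verp_decode(envelope_rcpt: str):
    """Return (msg_id, recipient) for a validly signed address, else None."""
    local, sep, domain = envelope_rcpt.rpartition("@")
    if not sep or domain.lower() != BOUNCE_DOMAIN:
        return None
    parts = local.split("-", 3)  # the recipient's own '-' stays in the last field
    if len(parts) != 4 or parts[0].lower() != "bounce":
        return None
    _, msg_id, tag, packed = parts
    rcpt_local, eq, rcpt_domain = packed.rpartition("=")
    if not eq or not rcpt_local or not rcpt_domain:
        return None
    recipient = f"{rcpt_local}@{rcpt_domain}"
    # Constant-time comparison on bytes; a forged or altered address fails here.
    expected = _tag(msg_id, recipient).encode()
    if not hmac.compare_digest(tag.lower().encode(), expected):
        return None
    return msg_id, recipient
```

The recipient and message id stay readable in the address, and the tag lets the robot handling bounces or replies drop anything that did not originate from a message the system actually sent.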
