Andrzej Marecki wrote:
> I have just noticed that recently gmail.com mails also come from
> the addresses in the range from 74.125.46.24 to 74.125.46.63.
> However, these are not included in the suite of whitelisted IPs in
> greylist.conf.
Google's SMTP server farm is too big to pass greylisting. They have
139,000+ servers listed as legitimate in their SPF record, so the
odds of *ever* sending from the same server with the same sender and
recipient email addresses are all but zero. While I doubt they've
actually enlisted all 139k servers for SMTP, they certainly have
enough to send users delivery warnings, and I've seen mail bounce
thanks to not doubling back on the same server within the 4 day period.
My solution was to include ALL of gmail/google's SPF records in the
milter-greylist "broken mta" whitelist. It looks like this
(whitespace shortened to fit in 72-column email):

list "broken mta" addr { \
[...]
216.239.32.0/19 64.233.160.0/19 66.249.80.0/20 72.14.192.0/18 \
209.85.128.0/17 66.102.0.0/20 74.125.0.0/16 \ # google/gmail
}

I didn't remove redundant entries above it so that a quick diff on the
next released sample config would still pass (rather than having to
review each "new" google entry). Milter-greylist does not complain
about the duplicates.
This is (obviously) not needed unless you've enabled "nospf".
I got this idea from:
http://bsdly.blogspot.com/2007_07_01_archive.html#spf-potentially-useful
See also our previous thread on this topic from March, archived at
http://tech.groups.yahoo.com/group/milter-greylist/message/4228
-Adam
Re: [milter-greylist] New IPs of Google mail
2008-05-13 by Adam Katz
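
Added example, not part of the original message or of milter-greylist: it checks the range reported in the quoted question against the seven CIDR blocks shown in the whitelist, counts the addresses they cover, and estimates how likely a retry is to reuse an earlier sending IP. The function names are hypothetical, and the model assumes each attempt picks a sending IP uniformly at random from the pool and that the greylist matches on the exact IP.

```python
import ipaddress

# The seven CIDR blocks visible in the message's "broken mta" list
# (the entries elided as [...] are not included).
GOOGLE_CIDRS = [
    "216.239.32.0/19", "64.233.160.0/19", "66.249.80.0/20", "72.14.192.0/18",
    "209.85.128.0/17", "66.102.0.0/20", "74.125.0.0/16",
]
NETWORKS = [ipaddress.ip_network(c) for c in GOOGLE_CIDRS]


def total_addresses(networks):
    """Count addresses after collapsing overlaps, so duplicates count once."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))


def uncovered(first, last, networks):
    """Return CIDR blocks of the inclusive range first..last that do not sit
    entirely inside one whitelisted network (conservative: a block split
    across two networks is reported as a gap)."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [b for b in blocks if not any(b.subnet_of(n) for n in networks)]


def reuse_probability(pool_size, attempts):
    """Chance that at least one of `attempts` deliveries comes from an IP
    already used by an earlier attempt (assumption: uniform random choice).
    A greylisted triplet can only pass once that happens."""
    p_all_distinct = 1.0
    for i in range(attempts):
        p_all_distinct *= max(0.0, 1 - i / pool_size)
    return 1 - p_all_distinct


if __name__ == "__main__":
    size = total_addresses(NETWORKS)
    print("addresses covered by the listed blocks:", size)
    print("gaps for 74.125.46.24-74.125.46.63:",
          uncovered("74.125.46.24", "74.125.46.63", NETWORKS))
    # Pool sizes: one server, the 40 addresses from the question, all listed.
    for pool in (1, 40, size):
        print(f"pool={pool:>6}  P(retry reuses an IP within 10 attempts) = "
              f"{reuse_probability(pool, 10):.4f}")
```
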