On 03/12/2017 10:54 AM, Greg Troxel gdt@... [milter-greylist] wrote:
>
> "Thomas Cameron thomas.cameron@..." writes:
>>
>> I had a mail conversation with someone today. They use some Amazon
>> hosted mail service. The first email came from [sender1] and was relayed
>> through ec2-54-153-11-11.us-west-1.compute.amazonaws.com. The second
>> mail came from [sender1] but from
>> ec2-54-153-22-22.us-west-1.compute.amazonaws.com, and so on. Every new
>> e-mail wound up coming through a different relay on Amazon.
>>
>> What winds up happening is, EVERY new e-mail is delayed, often times
>> several hours because they don't retry in a timely fashion.
>
> [This list has bad behavior with Reply-To and rewriting the sender....]
>
> A few ideas:
>
> * There's a notion of whitelisting address ranges that are inhabited by
> this kind of distributed retrying.

Unfortunately, I have other customers (and friends) who use outlook.com.
They have SCADS of outbound hosts:

mail-sn1nam02on0136.outbound.protection.outlook.com
mail-sn1nam02on0139.outbound.protection.outlook.com
mail-sn1nam01on0130.outbound.protection.outlook.com
mail-dm3nam03on0130.outbound.protection.outlook.com
mail-dm3nam03on0131.outbound.protection.outlook.com
mail-cys01nam02on0114.outbound.protection.outlook.com
mail-cys01nam02on0115.outbound.protection.outlook.com
...

A quick grep|sort|uniq through my maillog shows almost 500 hostnames
from protection.outlook.com having delivered e-mail to my tiny little
mail server!

> * In an age where greylisting is normal, it's buggy of a sender not to
> retry from the same address. Good luck with that approach :-)

It *does* retry the same message from the same address. The problem is,
if the person sends me 5 emails, they come from five different sending
MTAs. Each one starts the delay all over again, and I see delays like this:

X-Greylist: Delayed for 14:02:47 by milter-greylist-4.5.16
    (mail-west.camerontech.com [104.131.155.84]); Sat, 11 Mar 2017 11:47:45
    +0000 (UTC)

That is PER EMAIL, since each one seems to come from a different MTA.

> * Perhaps milter-greylist could by default or could be configured to
> consider hosts in the same /24 (not enough for your case) or /16 to be
> the same.

Well, these hosts seem to come from 104.47.32.x through 104.47.42.x. I
suppose I could whitelist all those subnets.

> What I do is just add whitelist entries when I have trouble.

I tried that. I tried:

list "whitelist domains" domain { \
    domain.tld \
}
racl whitelist list "whitelist domains"

But they are still delayed. I suppose I could also try

list "whitelist domains" domain { \
    domain.tld \
    outbound.protection.outlook.com \
}
racl whitelist list "whitelist domains"

But then I'm whitelisting EVERYTHING coming through outlook.com. I don't
know how smart that would be.

Thoughts?

Re: [milter-greylist] Sender with multiple MTAs=delays for every message
2017-03-13 by Thomas Cameron
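
Added example, not part of the original message: a Python sketch of the "grep|sort|uniq" survey mentioned above that also reports which networks a subnet-based whitelist would have to cover. The sendmail-style `relay=host [ip]` log format, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed log lines. Hostnames follow the patterns quoted in the message;
# the host-to-IP pairings are invented for this example.
SAMPLE_LOG = """\
Mar 11 09:01:02 mx sm-mta[1201]: a1: from=<u@domain.tld>, relay=mail-sn1nam02on0136.outbound.protection.outlook.com [104.47.32.136]
Mar 11 09:05:40 mx sm-mta[1207]: a2: from=<u@domain.tld>, relay=mail-sn1nam02on0139.outbound.protection.outlook.com [104.47.32.139]
Mar 11 09:09:13 mx sm-mta[1215]: a3: from=<u@domain.tld>, relay=mail-sn1nam01on0130.outbound.protection.outlook.com [104.47.33.130]
Mar 11 09:20:51 mx sm-mta[1230]: a4: from=<u@domain.tld>, relay=mail-dm3nam03on0130.outbound.protection.outlook.com [104.47.34.130]
Mar 11 09:31:07 mx sm-mta[1244]: a5: from=<u@domain.tld>, relay=mail-dm3nam03on0131.outbound.protection.outlook.com [104.47.35.131]
Mar 11 09:44:19 mx sm-mta[1259]: a6: from=<u@domain.tld>, relay=mail-cys01nam02on0114.outbound.protection.outlook.com [104.47.42.114]
Mar 11 09:50:00 mx sm-mta[1263]: a7: from=<s@example.org>, relay=ec2-54-153-11-11.us-west-1.compute.amazonaws.com [54.153.11.11]
"""

RELAY_RE = re.compile(r"relay=(?P<host>[\w.-]+) \[(?P<ip>\d+\.\d+\.\d+\.\d+)\]")


def relay_summary(log_text, suffix):
    """Return (sorted distinct relay hostnames, collapsed /24 networks) for
    relays whose hostname is `suffix` or ends in `.suffix`."""
    hosts, nets = set(), set()
    for m in RELAY_RE.finditer(log_text):
        host = m.group("host").rstrip(".").lower()
        if host == suffix or host.endswith("." + suffix):
            hosts.add(host)
            # Widen each relay address to its /24, the granularity discussed above.
            nets.add(ipaddress.ip_network(m.group("ip") + "/24", strict=False))
    # Merge adjacent /24s into the fewest CIDR blocks that cover exactly them.
    return sorted(hosts), list(ipaddress.collapse_addresses(nets))


def span_to_cidrs(first, last):
    """CIDR blocks covering exactly the inclusive address range first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


if __name__ == "__main__":
    hosts, nets = relay_summary(SAMPLE_LOG, "outbound.protection.outlook.com")
    print(len(hosts), "distinct relays seen in", [str(n) for n in nets])
    # The range named in the message: 104.47.32.x through 104.47.42.x
    print([str(n) for n in span_to_cidrs("104.47.32.0", "104.47.42.255")])
```

Comparing the observed networks with the full range shows how much address space a subnet whitelist would exempt from greylisting beyond the relays actually seen.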