Milter-greylist

Look at the default configuration:

greylist 30m
autowhite 1d

Consider the following scenario:

1. sender@... sends an email M1 to rcpt@... at
0:00 and gets delayed by milter-greylist.

2. sender@... sends another email M2 at 0:40 and gets
accepted. The triplet (IP, sender, rcpt) is added into autowhitelist.

3. The triplet is expired at 24:40.

4. The sender's MTA resends the first email M1 at 25:00 and gets
delayed again.

5. sender@... sends yet another email M3 at 25:40 and gets
accepted. The triplet is added again into autowhitelist.

6. The triplet is expired at 49:40.

7. The sender's MTA resends the first email M1 at 50:00 and gets
delayed again.

If above scenario were repeated, the first email M1 whould not
delivered and finally bounces to the sender. Lesson: autowhitelist
should have enough long lifetime, for example 5 days.

Just FYI.

> If above scenario were repeated, the first email M1 whould not
> delivered and finally bounces to the sender. Lesson: autowhitelist
> should have enough long lifetime, for example 5 days.

This kind of thing is one of the reason I proposed not to have two
separate list: one for autowhite and of for pending in my mail dates back
to 21st of October 2005.

Bests,
Attila

AIDA Shinra wrote:
 > Look at the default configuration:
 > 
 > greylist 30m
 > autowhite 1d

Uh, only 1d is the default for autowhite?
That's pretty low.

 > Consider the following scenario:
 > [...]
 > If above scenario were repeated, the first email M1 whould not
 > delivered and finally bounces to the sender. Lesson: autowhitelist
 > should have enough long lifetime, for example 5 days.

That's true.  The problem you described can happen if the
"autowhite" value is shorter than the "timeout" value.
I've set both to 5d and didn't have any problems.

The documentation should mention that the "autowhite"
setting should be at least as long as the "timeout"
setting (or longer, of course), and the default values
should obey that.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

Passwords are like underwear.  You don't share them,
you don't hang them on your monitor or under your keyboard,
you don't email them, or put them on a web site,
and you must change them very often.

Oliver Fromme wrote:
> 
> 
> 
> AIDA Shinra wrote:
>  > Look at the default configuration:
>  >
>  > greylist 30m
>  > autowhite 1d
> 
> Uh, only 1d is the default for autowhite?
> That's pretty low.
> 
>  > Consider the following scenario:
>  > [...]
>  > If above scenario were repeated, the first email M1 whould not
>  > delivered and finally bounces to the sender. Lesson: autowhitelist
>  > should have enough long lifetime, for example 5 days.
> 
> That's true. The problem you described can happen if the
> "autowhite" value is shorter than the "timeout" value.
> I've set both to 5d and didn't have any problems.
> 
> The documentation should mention that the "autowhite"
> setting should be at least as long as the "timeout"
> setting (or longer, of course), and the default values
> should obey that.
> 
> Best regards
> Oliver

Computers are cleverer than mere mortals, so let milter-greylist do that 
consistency checking for us.

Milter-greylist should use max(specified_autowhite,timeout) as the 
autowhite value, put a warning message into the log, and continue.

Add documentation which states that that's how it will be, and it's 
goof-proof (well, at least consistent in a way which won't unnecessarily 
loose mails).

Phil

Tere.
>
> Uh, only 1d is the default for autowhite?
> That's pretty low.
>
>
>   
Why low? Actually I'm using in some computers greylist 15m, timeout & 
autowhite 3h, but seems that greylist/timeout/autowhite should be 
related, if greylist is long, then so should be timeout & autowhite. But 
if greylist is short, for example 5m, then I'd set timeout 3h and 
autowhite 0, as this small continius delay wont bother anyone, knowing, 
that most email clients have default 30 min receive interval anyway.



-- 
Mart

> Computers are cleverer than mere mortals, so let milter-greylist do that
> consistency checking for us.
> Milter-greylist should use max(specified_autowhite, timeout) as the
> autowhite value, put a warning message into the log, and continue.
> Add documentation which states that that's how it will be, and it's
> goof-proof (well, at least consistent in a way which won't unnecessarily
> loose mails).
> Phil

How about following behaviour? (autowhite=1d, timeout=5d)

1. Return 451 against an email at 0:00.
2. Accept the retried email at 0:20 and add the sender to
autowhitelist whose expiration date is 120:20.
3. Receive another email at 50:00. No change.
4. Receive another email at 110:00. The expiration date is postponed
to 134:00.

Phil Randal wrote:
 > Oliver Fromme wrote:
 > > That's true. The problem you described can happen if the
 > > "autowhite" value is shorter than the "timeout" value.
 > > I've set both to 5d and didn't have any problems.
 > > 
 > > The documentation should mention that the "autowhite"
 > > setting should be at least as long as the "timeout"
 > > setting (or longer, of course), and the default values
 > > should obey that.
 > 
 > Computers are cleverer than mere mortals, so let milter-greylist do that 
 > consistency checking for us.

I hate programs that try to be cleverer than me.  There
are already too many of those.

 > Milter-greylist should use max(specified_autowhite,timeout) as the 
 > autowhite value, put a warning message into the log, and continue.

No.  It should use exactly the values I tell it to use.
Producing a warning message is OK, of course.  That's 
exactly what milter-greylist's -c option is good for.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"C++ is the only current language making COBOL look good."
        -- Bertrand Meyer