On Thu, 21 Feb 2008 08:48:38 +0900 "Stephen J. Turnbull" <stephen@xemacs.org> wrote:
Attila Kinali writes:
This is just selective greylisting, which lots of sites use as a blanket policy.
It's definitely not greylisting. Our server sends out a few dozen mails a day on the low traffic lists to a few hundred on the high traffic ones. Any greylisting that is halfway sanely implemented should know after the second mail that the server is a legitimate sender.
Well, maybe. That is harder than it sounds to scale, though. The problem is that Yahoo has a lot of MXes, each handling hundreds of thousands or millions of messages per day, and they're going to need to propagate the greylist database to all of them somehow. It's a solvable problem, but nontrivial.
It's still not graylisting. For one thing, I get the following error message:
Feb 19 06:51:52 natsuki postfix/smtp[5564]: 205153B3B3: host g.mx.mail.yahoo.com [209.191.88.239] refused to talk to me: 421 4.7.0 [TS01] Messages from 213.144.138.186 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
The "refused to talk to me" makes it clear that my server didn't even get a greeting, but the above error message instead. So, Yahoo doesn't even know who the sender or recipient is. I.e., the whole thing is IP based.
For another thing, we send so many mails out, per day, that the probability that we hit a server with the same envelope from/to twice in a day is nearly 1.
If you're using exim -qff, you also may be running into a problem of hammering on their MXes too frequently; many greylisting algorithms don't like that.
And it isn't nice for all the other mail servers. There is a reason why MTAs usually implement an exponential backoff if mail cannot be delivered.
So, no, I'm not doing that and never will.
BTW, do you think they're lying about the user complaints?
Yes. See my other mail about that.
I'd rather say [Yahoo] have no clue at all.
The problem that Yahoo faces is that not only is their hardware distributed, so is their wetware. It's a lot easier for one person to handle a few clues about the easy problems that one person can handle than for an organization to deal with many clues about the much harder problems of scaling to Yahoo size.
I know it's not easy. I see what kind of problems I have with only one domain. But Yahoo could at least talk to me in a proper way so that we could find a solution together.
Domain keys are per-message cryptographic signatures, too. And as for 200K mails per day, is that 200K *posts* per day, or more like 2000 posts per day going to 100 recipients each, or even better yet, 200 posts/day going to 1000 recipients each? And which would you rather do: save a few CPU cycles, or reliably get your mail through? Maybe the usual variants on PGP are too expensive, but something weaker will do until the spammers catch on, by which time you can hope that everybody has enough CPU, and so on.
It's 1-400 mails/day on mailing lists ranging between 10 and 1500 subscribers. And be careful with such calculations. A lot of things do not scale as well as we might think. The server in question has a one-year average load of 0.40, with about 40-50% of the CPU usage being spent on mailman (yes, mailman, not spamassassin or anything else). And it's not a small machine either.
I know that the conventional wisdom that signing mail is very expensive is well-justified, but on the other hand you have to remember that there's a difference between "very" and "too" expensive.
Too expensive for us.
Attila Kinali
-- 
Praised are the Fountains of Shelieth, the silver harp of the waters,
But blest in my name forever this stream that stanched my thirst!
        -- Deed of Morred
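
Added example (not part of the original message): a small Python classifier for Postfix smtp deferral lines, following the message's reasoning that a "refused to talk to me" refusal arrives before any envelope is sent and so can only be keyed on the client IP, whereas a greylisting deferral answers RCPT TO. The second sample line, its host example.net and address 192.0.2.10 are constructed; the function and field names are this example's own.

```python
import re
from collections import Counter

# Line 1 is the log entry quoted in the message above. Line 2 is constructed
# (example.net / 192.0.2.10 are placeholders) to show a greylist-style deferral.
SAMPLE_LOG = """\
Feb 19 06:51:52 natsuki postfix/smtp[5564]: 205153B3B3: host g.mx.mail.yahoo.com [209.191.88.239] refused to talk to me: 421 4.7.0 [TS01] Messages from 213.144.138.186 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Feb 19 06:52:10 natsuki postfix/smtp[5570]: 3C1D23B3B4: to=<user@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=2, status=deferred (host mx.example.net[192.0.2.10] said: 450 4.7.1 <user@example.net>: Recipient address rejected: Greylisted (in reply to RCPT TO command))
"""

# "host NAME[IP] refused to talk to me: ..." or "host NAME[IP] said: ..."
REFUSAL = re.compile(
    r"host (?P<host>\S+?)\s*\[(?P<ip>[0-9a-fA-F.:]+)\] "
    r"(?P<how>refused to talk to me|said): "
    r"(?P<code>[245]\d\d)(?: (?P<dsn>\d\.\d+\.\d+))? (?P<text>.*)"
)
IN_REPLY = re.compile(r"\(in reply to (?P<cmd>[A-Z ]+?) command\)")

def classify(line):
    """Return the parsed refusal as a dict, or None if the line is not one."""
    m = REFUSAL.search(line)
    if not m:
        return None
    r = m.groupdict()
    if r["how"] == "refused to talk to me":
        r["stage"] = "pre-envelope"  # no MAIL FROM / RCPT TO was sent yet
    else:
        cmd = IN_REPLY.search(r["text"])
        r["stage"] = cmd.group("cmd") if cmd else "unknown"
    # Only from RCPT TO onward has the remote side seen sender and recipient.
    r["envelope_seen"] = r["stage"] in ("RCPT TO", "DATA", "end of DATA")
    r["temporary"] = r["code"].startswith("4")
    return r

def summarize(log):
    """Count temporary refusals per remote host, split by what could key them."""
    counts = Counter()
    for line in log.splitlines():
        r = classify(line)
        if r and r["temporary"]:
            basis = "envelope-aware" if r["envelope_seen"] else "ip-only"
            counts[(r["host"], basis)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(key, n)
```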