[Mailman-Users] Mailman postings deferred by Yahoo

Attila Kinali attila at kinali.ch
Thu Feb 21 10:53:41 CET 2008


On Thu, 21 Feb 2008 08:48:38 +0900
"Stephen J. Turnbull" <stephen at xemacs.org> wrote:

> Attila Kinali writes:
> 
>  > > This is just selective greylisting, which lots of sites use as a
>  > > blanket policy.
>  > 
>  > It's definitely not greylisting. Our server sends out a few dozen mails
>  > a day on the low traffic lists to a few hundred on the high traffic ones.
>  > Any greylisting that is halfway sanely implemented should know after
>  > the second mail that the server is a legitimate sender.
> 
> Well, maybe.  That is harder than it sounds to scale, though.  The
> problem is that Yahoo has a lot of MXes, each handling hundreds of
> thousands or millions of messages per day, and they're going to need
> to propagate the greylist database to all of them somehow.  It's a
> solvable problem, but nontrivial.

It's still not graylisting. For one thing, I get the following error
message:
---
Feb 19 06:51:52 natsuki postfix/smtp[5564]: 205153B3B3: host g.mx.mail.yahoo.com
[209.191.88.239] refused to talk to me: 421 4.7.0 [TS01] Messages from 213.144.138.186
temporarily deferred due to user complaints - 4.16.55.1; see
http://postmaster.yahoo.com/421-ts01.html
---

The "refused to talk to me" makes it clear that my server didn't even get
a greeting, but the above error message instead. So, Yahoo doesn't even know
who the sender or recipient is. I.e., the whole thing is IP based.

For another thing, we send so many mails out, per day, that the probability
that we hit a server with the same envelope from/to twice in a day is nearly 1.


> If you're using exim -qff, you also may be running into a problem of
> hammering on their MXes too frequently; many greylisting algorithms
> don't like that.

And it isn't nice for all the other mail servers. There is a reason
why MTAs usually implement an exponential backoff if mail cannot be delivered.

So, no, I'm not doing that and never will.

 
> BTW, do you think they're lying about the user complaints?

Yes. See my other mail about that.


>  > I'd rather say [Yahoo] have no clue at all. 
> 
> The problem that Yahoo faces is that not only is their hardware
> distributed, so is their wetware.  It's a lot easier for one person to
> handle a few clues about the easy problems that one person can handle
> than for an organization to deal with many clues about the much harder
> problems of scaling to Yahoo size.

I know it's not easy. I see what kind of problems I have with only
one domain. But Yahoo could at least talk to me in a proper way so
that we could find a solution together.

> Domain keys are per-message cryptographic signatures, too.  And as for
> 200K mails per day, is that 200K *posts* per day, or more like 2000
> posts per day going to 100 recipients each, or even better yet, 200
> posts/day going to 1000 recipients each?  And which would you rather
> do: save a few CPU cycles, or reliably get your mail through?  Maybe
> the usual variants on PGP are too expensive, but something weaker will
> do until the spammers catch on, by which time you can hope that
> everybody has enough CPU, and so on.


It's 1-400 mails/day on mailing lists ranging between 10 and 1500
subscribers. And be careful with such calculations. A lot of
things do not scale as well as we might think. The server in
question has a one-year average load of 0.40, with about 40-50%
of the CPU usage being spent on mailman (yes, mailman,
not spamassassin or anything else). And it's not a small machine
either.

 
> I know that the conventional wisdom that signing mail is very
> expensive is well-justified, but on the other hand you have to
> remember that there's a difference between "very" and "too" expensive.

Too expensive for us.


			Attila Kinali

-- 
Praised are the Fountains of Shelieth, the silver harp of the waters,
But blest in my name forever this stream that stanched my thirst!
                         -- Deed of Morred
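
The distinction drawn from the log line in the message above (a refusal before the greeting can only be keyed on the sending IP, while greylisting needs the envelope), as an added example that is not part of the original message: a small Python classifier for `postfix/smtp` deferral lines. The function names and the second sample line are constructed for illustration.

```python
import re

# "refused to talk to me": the remote MX answered the TCP connection with an
# error instead of a 220 greeting, so it has seen nothing but our IP address.
BANNER = re.compile(
    r"host (?P<mx>\S+?)\s*\[(?P<ip>[^\]]+)\] refused to talk to me: "
    r"(?P<code>[45]\d\d) ")
# "said: ... (in reply to X command)": the refusal came later in the dialogue.
REPLY = re.compile(
    r"host (?P<mx>\S+?)\s*\[(?P<ip>[^\]]+)\] said: (?P<code>[45]\d\d) "
    r".*?\(in reply to (?P<cmd>[A-Za-z ]+?) command\)")

# Stages at which the remote side already holds sender and recipient, which
# is what classic greylisting (IP + envelope from + envelope to) keys on.
ENVELOPE_STAGES = {"RCPT TO", "DATA", "end of DATA"}

def classify(line):
    """Return (stage, reply_code, mx_host) for a deferral line, else None."""
    m = BANNER.search(line)
    if m:
        return ("banner", m["code"], m["mx"])
    m = REPLY.search(line)
    if m:
        return (m["cmd"], m["code"], m["mx"])
    return None

def deferral_basis(line):
    """Say what a temporary (4xx) refusal can have been based on."""
    hit = classify(line)
    if hit is None or not hit[1].startswith("4"):
        return None
    if hit[0] == "banner":
        return "ip-only"
    return "envelope" if hit[0] in ENVELOPE_STAGES else "pre-envelope"

# Log line from the message above, rejoined onto one line.
PAGE_LINE = ("Feb 19 06:51:52 natsuki postfix/smtp[5564]: 205153B3B3: host "
    "g.mx.mail.yahoo.com [209.191.88.239] refused to talk to me: 421 4.7.0 [TS01] "
    "Messages from 213.144.138.186 temporarily deferred due to user complaints "
    "- 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html")
# Constructed sample: a greylisting-style deferral issued after RCPT TO.
GREYLIST_LINE = ("Feb 19 07:02:10 natsuki postfix/smtp[5570]: 3A1F2C0DE1: "
    "to=<user@example.net>, relay=mx.example.net[192.0.2.10]:25, status=deferred "
    "(host mx.example.net[192.0.2.10] said: 451 4.7.1 Greylisted, try again later "
    "(in reply to RCPT TO command))")

if __name__ == "__main__":
    for sample in (PAGE_LINE, GREYLIST_LINE):
        print(classify(sample), deferral_basis(sample))
```

Counting `deferral_basis` results per destination over a day of mail logs shows whether a provider is deferring at connection time or per envelope.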

