Re: Poor Man's Greylisting

• Previous message: Matt Fretwell: "Re: add blank line to postfix log"
• Maybe in reply to: Jorey Bump: "Poor Man's Greylisting"
• Next in thread: Victor Duchovni: "Re: Poor Man's Greylisting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Wietse Venema wrote:

> If you're concerned about listing a primary MX record without valid
> A record, you could instead supply an IP address that immediately
> returns a TCP RESET. This could be done with a packet filter rule,
> or by giving a machine a second external IP address without an SMTP
> listener on it.

 From your point of view, which is the kindest to a connecting Postfix
MTA? In the event of an NXDOMAIN, Postfix appears to query for the IP
address of the next priority MX and gets on with business. At this
point, the speed of the resolver is the only performance issue, and the
DNS cache should speed things up, as well.

I'm having less success in determining the impact of trying to contact
an unresponsive host. For the moment, I'm more interested in reducing
the burden on the connecting host than in RFC-compliance. If this
technique became widespread, would these initial connection attempts be
a precious waste of time on a busy server, or is the effect negligible?
Does SMTP connection caching help in this case?

• Previous message: Matt Fretwell: "Re: add blank line to postfix log"
• Maybe in reply to: Jorey Bump: "Poor Man's Greylisting"
• Next in thread: Victor Duchovni: "Re: Poor Man's Greylisting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]