Stuck in the greylist

Vernon Schryver vjs@calcite.rhyolite.com
Tue Dec 23 17:31:06 UTC 2003


> From: "John R Levine" <johnl@iecc.com>

> It looks like some messages are stuck in the greylist forever. ...

> ...
> I wondered why the body and fuz1 counts were so low, so I diffed two
> copies of the message and found that Kodak appears to be regenerating the
> message on each try, which is a little peculiar but not particularly evil:

> ...
> 183c183
> <  <20031223110100.1C2E.41232-19608@email2.kodak.com></font>
> ---
> >  <20031223103100.1C45.41232-19608@email2.kodak.com></font>

I think it is evil.  How do you trace such a message?  If you step
back and do not look at the meaning of each message, then Kodak is
spewing bazillions of slightly different messages.  There is no
real technical justification for it.

> But my question is, why isn't this getting through?  The envelope is the
> same each time, which is what the doc says the greylist keys on.  Does it
> demand an identical body each time, too?

Yes.  I think http://www.dcc-servers.net/dcc/greylist.html says
as much, although perhaps not as explicitly as it might when it
talks about "the message" instead of "a message."

> I can whitelist this, of course, but I'm wondering if this is a bug or
> a feature.

Yes, each copy differs from all others.

It may be a bug, but it's certainly a feature. 

I see greylisting as "embargo all messages with a {sender,IP,target}
triple until a message has been persistently retransmitted.  Variations
like "embargo until the spammer has reused a {sender,IP,target} triple"
are weaker.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.