IETF Logo Mail Archive

Re: [apps-discuss] Comments on draft-ietf-appsawg-greylisting-04

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 21 February 2012 19:02 UTC

Return-Path: <msk@cloudmark.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5ACC21F88A2 for <apps-discuss@ietfa.amsl.com>; Tue, 21 Feb 2012 11:02:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.594
X-Spam-Level:
X-Spam-Status: No, score=-102.594 tagged_above=-999 required=5 tests=[AWL=0.005, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvCgrJqW46Xt for <apps-discuss@ietfa.amsl.com>; Tue, 21 Feb 2012 11:02:55 -0800 (PST)
Received: from ht1-outbound.cloudmark.com (ht1-outbound.cloudmark.com [72.5.239.25]) by ietfa.amsl.com (Postfix) with ESMTP id 2978B21F8897 for <apps-discuss@ietf.org>; Tue, 21 Feb 2012 11:02:55 -0800 (PST)
Received: from malice.corp.cloudmark.com (172.22.10.71) by exch-htcas901.corp.cloudmark.com (172.22.10.73) with Microsoft SMTP Server (TLS) id 14.1.355.2; Tue, 21 Feb 2012 11:02:54 -0800
Received: from EXCH-C2.corp.cloudmark.com ([172.22.1.74]) by malice.corp.cloudmark.com ([172.22.10.71]) with mapi; Tue, 21 Feb 2012 11:02:54 -0800
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Date: Tue, 21 Feb 2012 11:02:56 -0800
Thread-Topic: [apps-discuss] Comments on draft-ietf-appsawg-greylisting-04
Thread-Index: Aczt9eErj7RXBW1lSZeYvirwTcvEKQC1Ttjw
Message-ID: <F5833273385BB34F99288B3648C4F06F19C9A7DE4A@EXCH-C2.corp.cloudmark.com>
References: <20120217202633.73871.qmail@joyce.lan> <20120218042848.90000.qmail@joyce.lan>
In-Reply-To: <20120218042848.90000.qmail@joyce.lan>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [apps-discuss] Comments on draft-ietf-appsawg-greylisting-04
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2012 19:02:55 -0000

> -----Original Message-----
> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of John Levine
> Sent: Friday, February 17, 2012 8:29 PM
> To: apps-discuss@ietf.org
> Subject: Re: [apps-discuss] Comments on draft-ietf-appsawg-greylisting-04
> 
> Looks pretty good.  A few minor points:
> 
> In section 3, I think that you should point out that a in a successful
> greylister, all the regular correspondents will be whitelisted, so the
> only mail that is delayed is mail from an IP that has never sent mail
> before, or sent mail so long ago that it's fallen out of the whitelist.
> In mail systems I've used, the vast majority of mail comes from places
> on the whitelist, so after a training period (which you can fake by
> watching traffic before you turn on the greylister and seed the
> whitelist with all the addresses you've seen) only a small proportion
> of mail should be affected.

I've added this paragraph to the bottom of Section 3:

   Presuming that known friendly senders will be manually configured as
   exceptions to the greylisting check, a steady state will eventually
   be reached wherein the only mail that is delayed is mail from an IP
   address that has never sent mail before.  Experience suggests that
   the, the vast majority of mail comes from places on such a developed
   exception list, so after a training period, only a small proportion
   of mail is actually affected.  The training period could be replaced
   by processing a history of email traffic and adding the IP addresses
   from which most traffic arrives to the exception list.

Does that cover it?

> In section 3 and again in section 9.2, it refers to the size of the
> database.  My total database is under 40,000 entries, including 92
> IPv6 addresses.  I expect a larger system would have a larger database,
> but it would be a pretty feeble server that would have trouble with a
> table even ten times that size.  My manual whitelist has 62 entries,
> mostly CIDR ranges, probably half of which are stale but there's not
> much incentive to clean it out.

Added this to the end of 9.2, same question:

   In practice, this has not appeared as a serious concern, because any
   reasonable aging policy successfully moderates database growth.  It
   is nevertheless identified here as a consideration as there may be
   implementations in some environments where this is indeed an issue.

v2.23.0 | Report a Bug | By Email