
Russell J. Lahti writes: 

> While I'm not an MSU mail admin, I do believe the scenario you
> describe below works, and from my tests below, it doesn't
> even look like it has to be to/from the same users even. 
> 
> First connection from an IP address shows the following banner:  
> 
> 220 grey00.mail.msu.edu ESMTP spamd IP-based SPAM blocker; Wed Apr  4 18:06:43 2007 
> 
> Subsequent connection attempts all show the same banner.. until
> around 7-8 minutes later, when the banner changes: 
> 
> 220 mx04.mail.msu.edu ESMTP Exim 4.63 Wed, 04 Apr 2007 18:14:52 -0400 
> 
> At this point, it seems from/to tuples are completely ignored, and
> only frequency of IP address/range connections to MSU's mail servers
> is monitored. 
> 
> Perhaps someone from MSU's mail team could expand on that. 
> 
> -Russell 
> 
> 

Russell, 

It sounds like you've got the process down. I'll try to present some more 
details ... 

Initially, a triplet of data is stored: sender address, recipient address, 
and sending server's IP address. A server has to wait at least 5 minutes 
before retrying after the initial attempt to deliver a message. (At this 
point a temporary retry error is generated.) 

After the sender retries, and the triplet of data matches up, the server is 
trusted for 36 days. The trust is based on the IP address at this point. So 
once someone from a particular server gets through the greylisting process, 
everyone else would benefit and not need to go through the process on that 
server. 

The process could be fooled by manually resending a message yourself instead 
of waiting for your e-mail server to retry delivery, as long as the triplet 
of data matches. 

If someone is having trouble with greylisting when calling the ACNS Help 
Desk, please provide us with the IP addresses of your sending servers in 
order to help troubleshoot issues. 

 -Ed
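
The policy described in the message above, as a small model added here for illustration; it is not MSU's or spamd's code. The class and function names, the sample addresses, and the choices not to refresh trust on use or expire pending triplets are assumptions.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 5 * 60           # seconds a server must wait before retrying
TRUST_LIFETIME = 36 * 24 * 3600    # seconds an IP stays trusted after passing

@dataclass
class Greylist:
    """Hypothetical model: triplet check first, then IP-wide trust."""
    pending: dict = field(default_factory=dict)   # triplet -> first-seen time
    trusted: dict = field(default_factory=dict)   # IP -> trust expiry time

    def check(self, now, ip, sender, recipient):
        """Return 'accept' or 'tempfail' for one delivery attempt at time now."""
        expiry = self.trusted.get(ip)
        if expiry is not None:
            if now < expiry:
                return "accept"            # IP-level trust: triplet is ignored
            del self.trusted[ip]           # trust expired, start over
        triplet = (ip, sender, recipient)
        first_seen = self.pending.get(triplet)
        if first_seen is None:
            self.pending[triplet] = now    # first attempt: record and defer
            return "tempfail"
        if now - first_seen < MIN_RETRY_DELAY:
            return "tempfail"              # retried before the 5 minute window
        del self.pending[triplet]
        self.trusted[ip] = now + TRUST_LIFETIME   # matching retry: trust the IP
        return "accept"

def demo():
    """Replay constructed attempts from one server (documentation IP range)."""
    g = Greylist()
    ip = "192.0.2.10"
    return [
        g.check(0, ip, "a@example.org", "b@example.net"),    # first contact
        g.check(120, ip, "a@example.org", "b@example.net"),  # retry too early
        g.check(360, ip, "a@example.org", "b@example.net"),  # retry after 6 min
        g.check(400, ip, "c@example.org", "d@example.net"),  # other users, same IP
        g.check(360 + TRUST_LIFETIME, ip, "c@example.org", "d@example.net"),
    ]

if __name__ == "__main__":
    print(demo())
```

When troubleshooting a deferred sender, the IP-keyed `trusted` table is why the sending server's IP address is the useful piece of information.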