On Thu, Mar 17, 2005 at 10:59:19AM +0100, Mads Martin Joergensen wrote:
> So if any of you are running lists on sendmail and want to use VERP as
> well, you might want to have a look at the work Andreas Barisan did.
> He's using mlmmj with verp enabled sendmail:
Seeing as I'm just running into a lot of VERP problems I thought I'd see
what experience other list managers are having. I'm implementing
greylisting for users at Keele as an anti-spam measure.
A quick description of greylisting is that a mail server takes a look at the
sender address and recipient address and the IP number of the
sender and takes a look to see if that combination has been seen before. If
it hasn't then a temporary failure code is returned to force the sending
mail system to retry at a later date. This block remains in force for an
hour. After an hour the mail system will then accept the mail and whitelist
the sender, recipient and IP triplet for about a month. If that triplet is
seen again then the whitelist is extended each time. The idea being that if
there's normal traffic between two mail addresses then they quickly become
whitelisted and no further delays occur.
It has a high success rate as it neatly stops all the current spam software
running on PC's as they (at present) do not have queue enabled MTA's and so
never retry a temporary failure. If they do develop queue enbaled software
then we still win because we have roughly 1 hour to detect a spamming PC and
get it on an RBL before they call back to our mail server. If spammers
start using ISP's to spam from to get a queuing mechanism then they will end
up on spamcop and we block them there.
The problem with greylisting is that VERP enabled mailing lists always fall
foul of the greylist and never get themselves whitelisted. Normal mailing
lists like mailman do not have this problem and very quickly become
As I've implemented greylisting it has become obvious that there are quite a
few VERP enabled mailing lists out there that are now getting 1 hour delays
from Keele. What's worse is that some seem to use a unique sender for every
attempt to send the mail and therefore never get a mail to us because we
never see the same sender twice. Even worse than that, there are sites, such
as yahoo groups, which seem to take a temporary failure as a permanant
failure and throw the message away.
As the number of sites that are greylisting increases I have some doubts as
to whether VERP has a future in its current form.
______ jonathan @
uk Jonathan Knight,
/ Department of Computer Science
/ _ __ Telephone: +44 1782 583437 University of Keele, Keele,
(_/ (_) / / Fax : +44 1782 713082 Staffordshire. ST5 5BG. U.K.