I see that it is now available as a download:

 http://www.ararat.cz/download/graywall.pdf

[quote user="GLM"]

[/quote]

I was informed that it is not yet written. So it's not available at all. Perhaps someday.....

If you ask the questions, we'll try to answer them or get to Lukas to get them answered for you.  GrayWall has been the single best tool I've implemented in reducing spam from even making it into my system at all.

[quote user="GLM"]

Why is the Minimum retry time for unlock in minutes? defaulted to 10 minutes?  Wouldn't it be better to set it at 1 minute?  Also, why would you want a Successrul unlock to expire, ever?  Wouldn't it be better to allow an unlocked email address to remain unlocked forever?

 Thanks
 

[quote user="MikePreston"]

Why is the Minimum retry time for unlock in minutes? defaulted to 10 minutes?  Wouldn't it be better to set it at 1 minute?[/quote]

Why not use minutes? Is this a complaint?

You should feel free to change it to a time interval with which you are comfortable.  I use 5 minutes.  But 10 minutes works fine also.  Would 1 minute work?  Probably less well than 5 or 10, but I really haven't studied it well enough to determine.  But, 5 minutes is sufficient in my environment.

[quote]  Also, why would you want a Successrul unlock to expire, ever?  Wouldn't it be better to allow an unlocked email address to remain unlocked forever?[/quote]

 
If someone isn't sending  you any email, why shouldn't it expire at some point?  If there is an unlock and that person regularly sends you email, it won't expire.

[quote user="roryk"]

Why not use minutes? Is this a

complaint?[/quote]Not at all.  Just trying to understand the reasoning

behind the default settings. 

[quote user="roryk"]You should feel

free to change it to a time interval with which you are comfortable.  I

use 5 minutes.  But 10 minutes works fine also.  Would 1 minute work? 

Probably less well than 5 or 10, but I really haven't studied it well

enough to determine.  But, 5 minutes is sufficient in my

environment.[/quote]Well, this goes to the heart of my question.  I

don't understand why one might be better than the other.  It seems we

are making an assumption that a spammer will not send through a message

from the same address within a specific window of time, but that a

non-spammer will.  Our job is to define that window so that the

non-spammer's response fits in there, but the spammer won't "find" the

window and exploit it.  Do I have that right?  If so, I can understand

why you would want a long enough "minimum retry time for unlock" so

that the spammer doesn't fit within the window merely by sending two

messages to each address the first of which is caught by GW and the

second of which serves to unlock GW.  But the thing I'm trying to get a

handle on is what is the expectation for mail servers legitimately

turning around and re-trying a rejected message?  Is that something

that each individual mail server sets differently?  Is there an

industry standard?  I've read the comments so far and I understand that

most retries take place within 60 minutes.

[quote]  Also, why

would you want a Successrul unlock to expire, ever?  Wouldn't it be

better to allow an unlocked email address to remain unlocked

forever?[/quote]

[quote user="roryk"]If someone isn't sending 

you any email, why shouldn't it expire at some point?  If there is an

unlock and that person regularly sends you email, it won't

expire.[/quote][/quote]When you are a service provider, if one of your

clients' employees send you email, you want that email address unlocked

forever and ever.  There is absolutely no reason to have them suffer

through another "qualification" process even if it is two years (or

more!) since they last sent you an email.

Thanks for the information.

I'm

thinking of writing a program that allows folks an easy method of

moving from graywalling to whitelisting.  Since gwexlist.txt is nothing

more than a text file, it should be a simple matter to write a program

that will take an email message addressed to an alias of some choosing

(for example: addtowhitelistx994323@mydomain.com) formatted to have one

entry per line (as one would expect in gwexlist.txt) and:

 a) first see if each entry in the email already exists within gwexlist.txt

b) if it doesn't exist add it to it

Then

all I have to do is get in the habit of sending mail to that particular

alias. Perhaps a permanent bcc: would do that trick.

My only

concern is that if Mercury is processing against gwexlist.txt at the

same moment that my program is modifying it, will it cause Mercury to

crash?  I guess I'll find out.
 

[quote user="MikePreston"][quote user="roryk"]

Why not use minutes? Is this a

complaint?[/quote]Not at all.  Just trying to understand the reasoning

behind the default settings. 

[quote user="roryk"]You should feel

free to change it to a time interval with which you are comfortable.  I

use 5 minutes.  But 10 minutes works fine also.  Would 1 minute work? 

Probably less well than 5 or 10, but I really haven't studied it well

enough to determine.  But, 5 minutes is sufficient in my

environment.[/quote]Well, this goes to the heart of my question.  I

don't understand why one might be better than the other.  It seems we

are making an assumption that a spammer will not send through a message

from the same address within a specific window of time, but that a

non-spammer will.  Our job is to define that window so that the

non-spammer's response fits in there, but the spammer won't "find" the

window and exploit it.  Do I have that right?  If so, I can understand

why you would want a long enough "minimum retry time for unlock" so

that the spammer doesn't fit within the window merely by sending two

messages to each address the first of which is caught by GW and the

second of which serves to unlock GW.  But the thing I'm trying to get a

handle on is what is the expectation for mail servers legitimately

turning around and re-trying a rejected message?  Is that something

that each individual mail server sets differently?  Is there an

industry standard?  I've read the comments so far and I understand that

most retries take place within 60 minutes.[/quote]

 There is no standard that I know of.
 

[quote user="MikePreston"]When you are a service provider, if one of your

clients' employees send you email, you want that email address unlocked

forever and ever.  There is absolutely no reason to have them suffer

through another "qualification" process even if it is two years (or

more!) since they last sent you an email.[/quote]

 "Suffer"?  That is a bit dramatic in my opinion.  The qualification process just happens, no one is even aware it is going on.  No intervention is necessary and certainly mail servers go off-line all the time resulting in similar small delays to delivery of email.

Thanks for the reply.  I think I understand the issues.

In my world, if a client is trying to send me an email (and for this purpose, I am thinking of that employee who hasn't sent me an email in 2 years) and I'm waiting at this end to get it, if he presses "send" and then it goes into the authentication loop as defined by graywall, the word "suffer" is precisely correct.  From their perspective, they are an existing client and they sent me email from that same email address once, why shouldn't it work again?  Why should their email have to wait for some unspecified period of time (the retry time associated with their server, which they probably don't even have a clue how it is set)?

This is NOT a complaint about graywall.  I think it is GREAT.  I just want to make sure I implement it properly and understand its ramifications.

I think this screams for a solution that automatically adds addresses to the gwexlist.txt file in some fashion. I'll start to work on that.

Thanks again.