[Greylist-users] Greylisting is great but...

Scott Nelson scott at spamwolf.com
Thu Dec 2 09:28:09 PST 2004

At 09:33 AM 12/1/2004 -0800, Steven Grimm wrote:
>Cami wrote:
>> Certain greylisting implementations provide automatic
>> whitelisting of MTA's when they deliver more than X
>> 'authenticated' triplets. (At least my implementation does,
>> i got the idea from Wietse Venema). 
>What is a good value for X? I'm having a hard time coming up with a 
>scenario where you'd want it to be greater than 1, especially if you 
>don't whitelist just the sender's IP address, but rather the (IP 
>address, sender domain) pair.

The biggest problem with "1" is viruses.
An infected host will spew forth thousands of viruses all with
random froms.  A small number will actually be repeats, 
and those get through.  If you whitelist on 1 sucessful delivery, 
then they all get through after that.

Better than X, is "X without any strangers between."
Then X can be pretty small, 3 or maybe even 2.

You'll still need to hand whitelist some things (or live with the delay).
Some mailing lists use VERP so every message is from a "stranger".
(Greylisting catches most of these, but not all.)

Scott Nelson <scott at spamwolf.com>

More information about the Greylist-users mailing list