[Greylist-users] Greylisting is great but...

Scott Nelson scott at spamwolf.com
Thu Dec 2 09:28:09 PST 2004


At 09:33 AM 12/1/2004 -0800, Steven Grimm wrote:
>Cami wrote:
>
>> Certain greylisting implementations provide automatic
>> whitelisting of MTA's when they deliver more than X
>> 'authenticated' triplets. (At least my implementation does,
>> I got the idea from Wietse Venema). 
>
>What is a good value for X? I'm having a hard time coming up with a 
>scenario where you'd want it to be greater than 1, especially if you 
>don't whitelist just the sender's IP address, but rather the (IP 
>address, sender domain) pair.
>

The biggest problem with "1" is viruses.
An infected host will spew forth thousands of viruses all with
random froms.  A small number will actually be repeats, 
and those get through.  If you whitelist on 1 successful delivery, 
then they all get through after that.

Better than X, is "X without any strangers between."
Then X can be pretty small, 3 or maybe even 2.

You'll still need to hand whitelist some things (or live with the delay).
Some mailing lists use VERP so every message is from a "stranger".
(Greylisting catches most of these, but not all.)


Scott Nelson <scott at spamwolf.com>
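
The rule discussed in this message, as an added example (not code from the post or from any greylisting implementation): a small simulation comparing plain "whitelist after X authenticated deliveries" with "X without any strangers between". It assumes a "stranger" is a triplet seen for the first time, keys the whitelist on the client IP alone, and leaves out the retry delay window; all addresses and traffic are constructed.

```python
from collections import defaultdict

class Greylist:
    """Triplet greylist with per-host auto-whitelisting (retry delay window omitted)."""

    def __init__(self, x, reset_on_stranger):
        self.x = x                                # authenticated deliveries needed
        self.reset_on_stranger = reset_on_stranger
        self.seen = set()                         # triplets that were deferred once
        self.streak = defaultdict(int)            # per-IP authenticated deliveries
        self.whitelisted = set()

    def attempt(self, ip, sender, rcpt):
        """Return 'accept' or 'defer' for one delivery attempt."""
        if ip in self.whitelisted:
            return "accept"
        triplet = (ip, sender, rcpt)
        if triplet not in self.seen:              # a stranger: defer it
            self.seen.add(triplet)
            if self.reset_on_stranger:
                self.streak[ip] = 0               # a stranger breaks the run
            return "defer"
        self.streak[ip] += 1                      # a known triplet came back
        if self.streak[ip] >= self.x:
            self.whitelisted.add(ip)
        return "accept"

def infected_host(gl, ip="192.0.2.66", n=1000):
    """Constructed traffic: forged senders; every 100th attempt repeats an old one."""
    accepted = 0
    for i in range(n):
        j = i - 50 if i % 100 == 99 else i
        accepted += gl.attempt(ip, f"u{j}@forged.example", "a@example.org") == "accept"
    return accepted

def regular_mta(gl, ip="198.51.100.7", deliveries=4):
    """Constructed traffic: one correspondent pair; first attempt deferred, rest known."""
    for _ in range(deliveries):
        gl.attempt(ip, "alice@sender.example", "bob@example.org")
    return ip in gl.whitelisted

def verp_list(gl, ip="203.0.113.9", messages=20):
    """Constructed traffic: unique VERP sender per message, each retried once."""
    for i in range(messages):
        for _ in range(2):
            gl.attempt(ip, f"list-bounce-{i}@lists.example", "bob@example.org")
    return ip in gl.whitelisted

if __name__ == "__main__":
    for x, strict in [(1, False), (3, False), (2, True)]:
        print(x, strict, infected_host(Greylist(x, strict)),
              regular_mta(Greylist(x, strict)), verp_list(Greylist(x, strict)))
```

The third column is the number of messages accepted from the infected host out of 1000; under the streak rule the VERP host is never auto-whitelisted, which is the case the message says needs a hand whitelist entry.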

