[Greylist-users] Up and running on the real server - and I have some questions

Dennis Wynne DWYNNE at equinoxis.com
Wed Feb 15 09:39:00 PST 2006

I put the new anti-SPAM server in front of the real server yesterday 
afternoon and things (to me) are humming right along.  One thing I noticed 
is the SPAMmers don't pick up on the change to the MX records and keep 
sending a good bit to the old server - while legit servers quickly started 
using the new server.  In a few days if this keeps up I will just block all 
outside connections to the old server. Between the time I changed the MX 
records and this morning I got about 20 SPAMs (a really low count for me) 
and NONE - ZERO - of them came through the new server.

I am getting some push-back from some of the users so I have some questions.

1) What timeout period does everyone use?  Anyone done a study about the 
various times?  If SPAMmers "never" retry then 5 minutes would be long 
enough. Do you block more SPAM setting it to around an hour than you do 
setting it for 5 minutes?  Seems like if a SPAM box does any retries at all 
it will get through and all you are doing is just delaying legit mail.

2) I block all unknown users before relaydelay sees them, so the only "to:" 
addresses that get looked up and inserted in MySQL are legit users.  Any 
thoughts on changing the scripts to run not against the triplet of from:, 
to:, and IP but against just from: and IP?  This makes sense to me, since if I 
routinely accept messages from bob at domain.com and I ask him to e-mail a 
co-worker I would think it would be OK for bob's mail to go through w/o a 
delay. Ditto for things like CNN news e-mails. Once one of them to any user 
has been accepted, no need to delay the others if they are all from the same 
IP - is there?  Anyone done this and can share the changes?

3) Does anyone use a bypass method when an e-mail just "has to get through" 
?  Say a customer has a mail server that never retries, or does not retry 
for 4 hours and I NEED to let an e-mail through.  Should I configure a 
non-published username that I could let bypass relaydelay and have the mail 
get through?  I know some systems have a "password" you can put in the 
subject line to bypass their SPAM filters - but that would not work with the 

4) Does anyone have any reporting scripts that they can share?  My users 
would like me to give them a report of any mail that was seen, but not 
passed (no retries in the allowed time) so they can see if they missed 
anything. I think I could do these myself, but I am hoping someone already 
has done some report stuff and will share it. Any other reports would be 
nice as well - and if there is a way to serve them up HTTP for local users 
that would be even better.

Thanks in advance for your thoughts,
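
Questions 1, 2 and 4 above can be explored by replaying delivery attempts through a small model. This is an added example, not part of the original post and not relaydelay's code: a simplified greylist (no record expiry) run over constructed attempts, where `Attempt`, `greylist` and `SAMPLE` are hypothetical names.

```python
from collections import namedtuple

# One SMTP delivery attempt: time in seconds, connecting IP, envelope from/to.
Attempt = namedtuple("Attempt", "t ip mail_from rcpt_to")

TRIPLET = ("ip", "mail_from", "rcpt_to")   # classic greylist key
PAIR = ("ip", "mail_from")                 # key proposed in question 2

def greylist(attempts, delay=300, key_fields=TRIPLET):
    """Replay attempts in time order.

    Returns (decisions, never_passed): one 'TEMPFAIL'/'ACCEPT' per attempt,
    and the keys that were seen but never accepted (question 4's report).
    Simplified model: records never expire, and there is no whitelist.
    """
    first_seen, passed, decisions = {}, set(), []
    for a in sorted(attempts, key=lambda a: a.t):
        key = tuple(getattr(a, f).lower() for f in key_fields)
        if key in passed:
            decisions.append("ACCEPT")          # known-good key, no delay
        elif key in first_seen and a.t - first_seen[key] >= delay:
            passed.add(key)                     # retried after the delay
            decisions.append("ACCEPT")
        else:
            first_seen.setdefault(key, a.t)     # new key, or retried too soon
            decisions.append("TEMPFAIL")
    never_passed = sorted(k for k in first_seen if k not in passed)
    return decisions, never_passed

# Constructed sample: bob retries properly, the last sender never retries.
SAMPLE = [
    Attempt(0,    "192.0.2.10",   "bob@domain.example", "alice@example.org"),
    Attempt(600,  "192.0.2.10",   "bob@domain.example", "alice@example.org"),
    Attempt(900,  "192.0.2.10",   "bob@domain.example", "carol@example.org"),
    Attempt(1000, "198.51.100.7", "x@spam.example",     "alice@example.org"),
    Attempt(1500, "192.0.2.10",   "bob@domain.example", "carol@example.org"),
]

if __name__ == "__main__":
    for name, fields in (("triplet", TRIPLET), ("from+IP", PAIR)):
        decisions, missed = greylist(SAMPLE, delay=300, key_fields=fields)
        print(name, decisions, "never passed:", missed)
```

With the from+IP key, bob's first message to carol is accepted without delay; the sender that never retries is temp-failed under both keys and appears in the never-passed list.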

