[Greylist-users] relaydelay

Max Andersen max at militant.dk
Tue Feb 20 10:11:58 PST 2007


Paul Macdonald wrote:
> Hi,
>
> I've recently started using greylisting and whilst am obviously very 
> impressed with the amount of spam that is caught i am starting to see 
> some problems that i thought the list will likely have already 
> encountered.
>
> I was surprised to find hotmail sending notification failures to 
> senders without any attempt at a retry.  This doesn;t seem to be the 
> case across all hotmail email, but i've definately seen it in my 
> tests. This obv falls into the category of bad mta's but is there a 
> list maintained of major providers who won't behave?

I have an incomplete list but a list nonetheless. Mostly with google and 
hotmail servers, and danish ISP's

> I'm also discovering some of the larger mail server farms out there 
> have a scary amount of distinct mail servers with which to resend 
> mail.  I've started to whitelist them (both by IP and laterly via cidr 
> notation) but even then i only see the subset of their network that 
> appears in my logs. 

I greylist based on ip c-class + FQDN - hostname. I create a file, and 
compare to the next host attempting to connect. if they share domain 
name and c-class, it's accepted as same smtp-farm. That does the trick 
for all small smtp-farms

> The graylist implementation (graymilter) i'm using is only ip/cidr  as 
> i understand it, am i likely to alleviate some these problems by using 
> an implementation that e.g has dns wildcards?
>
> I'd be keen to hear recommendations on which implementation list users 
> with reasonable traffic levels prefer? ( > 5000 messages a day)

I try and see thorugh logfiles on a regluar basis, and see if any 'big 
guys' are having trouble. If I see legit mail having trouble, I might 
change my filters or might not.

> One last thing, i've just spent the afternoon hacking some code to 
> produce some reports to help highlight any issues before the phone 
> starts going, but i'm sure there will be some of those out there 
> already, any recommendations?

Whitelist big ISP's smtp-out servers, and run a spamassassin opreation, 
since spam do originate from hotmail.com and google, etc.

Just a thought if you are faced with impatient users.

Sincerely
Max
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3414 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.puremagic.com/pipermail/greylist-users/attachments/20070220/25fd7769/attachment.bin 


More information about the Greylist-users mailing list