max at militant.dk
Tue Feb 20 10:11:58 PST 2007
Paul Macdonald wrote:
> I've recently started using greylisting and whilst am obviously very
> impressed with the amount of spam that is caught i am starting to see
> some problems that i thought the list will likely have already
> I was surprised to find hotmail sending notification failures to
> senders without any attempt at a retry. This doesn;t seem to be the
> case across all hotmail email, but i've definately seen it in my
> tests. This obv falls into the category of bad mta's but is there a
> list maintained of major providers who won't behave?
I have an incomplete list but a list nonetheless. Mostly with google and
hotmail servers, and danish ISP's
> I'm also discovering some of the larger mail server farms out there
> have a scary amount of distinct mail servers with which to resend
> mail. I've started to whitelist them (both by IP and laterly via cidr
> notation) but even then i only see the subset of their network that
> appears in my logs.
I greylist based on ip c-class + FQDN - hostname. I create a file, and
compare to the next host attempting to connect. if they share domain
name and c-class, it's accepted as same smtp-farm. That does the trick
for all small smtp-farms
> The graylist implementation (graymilter) i'm using is only ip/cidr as
> i understand it, am i likely to alleviate some these problems by using
> an implementation that e.g has dns wildcards?
> I'd be keen to hear recommendations on which implementation list users
> with reasonable traffic levels prefer? ( > 5000 messages a day)
I try and see thorugh logfiles on a regluar basis, and see if any 'big
guys' are having trouble. If I see legit mail having trouble, I might
change my filters or might not.
> One last thing, i've just spent the afternoon hacking some code to
> produce some reports to help highlight any issues before the phone
> starts going, but i'm sure there will be some of those out there
> already, any recommendations?
Whitelist big ISP's smtp-out servers, and run a spamassassin opreation,
since spam do originate from hotmail.com and google, etc.
Just a thought if you are faced with impatient users.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3414 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.puremagic.com/pipermail/greylist-users/attachments/20070220/25fd7769/attachment.bin
More information about the Greylist-users