[Greylist-users] recommendations for dual MX system?

Graham Toal gtoal at gtoal.com
Mon May 2 11:40:18 PDT 2005


> I use greylist-milter prior to mimedefang/spamassassin.  It's nice to 
> keep them separate, as the config files aren't so damn complicated.  
> It's really a chore to upgrade all that stuff without breaking mail...

One advantage of the way I wrote my own spam filter - and also of
the way that spamd works, although somewhat different in style - is
that the greylist host doesn't need to store & forward.  And unfortunately
I don't have control of the final delivery MTA, and if I did, it
would be running a proprietary mailer that I couldn't add greylisting
to directly (whether it was our VMS server, our Oracle server, or
our Exchange server - same story on all of them.  If I were the mail
admin I'd ditch all three of them and set up a Unix server with
sendmail or postfix :-)  So a solution that relies on a full MTA
in the middle is not my first choice, though it may be forced
upon me.

> I have two mx servers (pref=10 and pref=20), so the lower score mx 
> handles most of the real traffic, and the higher score handles much of 
> the pure spam.  Why?  Because spammers expect you'll do a better job on 
> your primary, and any honorable mail server would naturally send to the 
> primary when everything's working correctly.  Spamware is smart enough 
> to try the back door.

I know, that was part of Mark's suggestion.  Although I did run our
campus MX's like this for a week and I *did* see a lot of legit mail
coming in via that backup server, which surprised me.  However part
of the reason for that may have been that the servers were both rejecting
connections any time the load average rose above 2.0 - this was a
defensive measure I'd set up because early testing showed that when
a server was overloaded, it was unusable for far longer than if it
was never allowed to overload in the first place.  But I digress...

> greylist-milter doesn't use a mysql database--it keeps the triplets in 
> memory, but writes out a database file every so often.  It is very 
> configurable, and quite simple to set up.  It supports synchronizing 
> between MX hosts for the greylist database.  It also supports loose 
> matches for mail farms (like google, amazon, yahoo and anyone else that 

Coincidentally I happened across this link today:
   http://www.monkey.org/openbsd/archive/tech/0410/msg00238.html
which does the same thing for spamd. (or maybe not the same thing.
What this does is let you widen the IP using a netmask, eg instead of
entering 192.168.42.34 in your database, you would enter 192.168.42.0/24)

> has a zillion bucks).  Remember that greylisting is to catch the 
> spamware that doesn't resend.  Spammers on AOL and yahoo get the benefit 
> of mail farms that will resend.
>
> Does that sound like what you want?

Yes, that does sound more like what I need, although again before rushing
into anything totally different, I'm going to wait a little longer to see
if an easy spamd solution presents itself.

> PS Beware the greylist databases that use PERL DB_File from within 
> mimedefang (or otherwise).  My experience has been that the on disk 
> database becomes corrupt after a period of time, and everything ends up 
> getting tempfailed.

I have had similar bad experiences with the databases used internally
by spamprobe.  The author of that program has tried a few.  I think his
current solution is "pbl" which (knock on wood) hasn't become corrupted
for any of us yet.


Graham
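
The netmask widening discussed in the message above, as an added example that is not code from the original post, greylist-milter or spamd: a small in-memory greylist whose triplet key uses either the exact client IP or its /24, replayed against a constructed mail farm that retries from a different address each time. The class name, the 300-second delay and the sample addresses are assumptions made for illustration.

```python
import ipaddress

class Greylist:
    """In-memory greylist keyed on (client network, sender, recipient). IPv4 only."""

    def __init__(self, prefix_len=32, min_delay=300, max_age=4 * 3600):
        self.prefix_len = prefix_len  # 32 = exact IP, 24 = loose /24 match
        self.min_delay = min_delay    # assumed: seconds a new triplet must wait
        self.max_age = max_age        # assumed: pending triplets expire after this
        self.first_seen = {}          # triplet -> time of first attempt
        self.passed = set()           # triplets that have retried successfully

    def _key(self, client_ip, sender, rcpt):
        # strict=False masks off the host bits, so .34 and .57 share one /24 key
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, client_ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one delivery attempt at time now."""
        key = self._key(client_ip, sender, rcpt)
        if key in self.passed:
            return "accept"
        first = self.first_seen.get(key)
        if first is None or now - first > self.max_age:
            self.first_seen[key] = now      # new (or expired) triplet: start clock
            return "tempfail"
        if now - first < self.min_delay:
            return "tempfail"               # retried too quickly
        self.passed.add(key)
        return "accept"

def replay(prefix_len, attempts):
    """Run (time, ip, sender, rcpt) attempts through a fresh greylist."""
    gl = Greylist(prefix_len=prefix_len)
    return [gl.check(ip, s, r, t) for (t, ip, s, r) in attempts]

# Constructed sample: one message retried by three hosts of the same farm.
FARM = [
    (0,    "192.168.42.34", "alice@example.org", "bob@example.net"),
    (600,  "192.168.42.57", "alice@example.org", "bob@example.net"),
    (1200, "192.168.42.91", "alice@example.org", "bob@example.net"),
]
# Constructed sample: spamware that sends once and never retries.
ONE_SHOT = [(0, "192.168.7.9", "x@example.com", "bob@example.net")]

if __name__ == "__main__":
    print("exact IP:", replay(32, FARM))
    print("/24 key :", replay(24, FARM))
    print("one-shot:", replay(24, ONE_SHOT))
```

With the exact-IP key every retry from the farm looks like a new triplet and is tempfailed again; with the /24 key the second attempt is accepted. The trade-off is that any host in that /24 using the same sender and recipient matches the passed triplet too.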

