[Greylist-users] Up and running on the real server - and I have some questions
Dennis Wynne
DWYNNE at equinoxis.com
Wed Feb 15 09:39:00 PST 2006
I put the new anti-SPAM server in front of the real server yesterday
afternoon and things (to me) are humming right along. One thing I noticed
is the SPAMmers don't pick up on the change to the MX records and keep
sending a good bit to the old server - while legit servers quickly started
using the new server. In a few days if this keeps up I will just block all
outside connections to the old server. Between the time I changed the MX
records and this morning I got about 20 SPAMs (a really low count for me)
and NONE - ZERO - of them came through the new server.
I am getting some push-back from some of the users so I have some questions.
1) What timeout period does everyone use? Anyone done a study about the
various times? If SPAMmers "never" retry then 5 minutes would be long
enough. Do you block more SPAM setting it to around an hour than you do
setting it for 5 minutes? Seems like if a SPAM box does any retries at all
it will get through and all you are doing is just delaying legit mail.
2) I block all un-known users before relaydelay sees them, so the only "to:"
addresses that get looked up and inserted in MySQL are legit users. Any
thoughts on changing the scripts to run not against the triplet of from:,
to:, and IP but against just from: and IP? This makes sense to me, since if I
routinely accept messages from bob at domain.com and I ask him to e-mail a
co-worker I would think it would be OK for bob's mail to go through w/o a
delay. Ditto for things like CNN news e-mails. Once one of them to any user
has been accepted, no need to delay the others if they are all from the same
IP - is there? Anyone done this and can share the changes?
3) Does anyone use a bypass method when an e-mail just "has to get through"?
Say a customer has a mail server that never retries, or does not retry
for 4 hours and I NEED to let an e-mail through. Should I configure a
non-published username that I could let bypass relaydelay and have the mail
get through? I know some systems have a "password" you can put in the
subject line to bypass their SPAM filters - but that would not work with the
greylist.
4) Does anyone have any reporting scripts that they can share? My users
would like me to give them a report of any mail that was seen, but not
passed (no retries in the allowed time) so they can see if they missed
anything. I think I could do these myself, but I am hoping someone already
has done some report stuff and will share it. Any other reports would be
nice as well - and if there is a way to serve them up HTTP for local users
that would be even better.
Thanks in advance for your thoughts,
Dennis
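
A small model of the greylisting decision raised in questions 1, 2 and 4 above, as an added example that is not part of the original post and is not relaydelay's code. The `Greylist` class, the 4-hour retry window and the sample addresses are assumptions constructed for illustration; it replays the same traffic with the triplet key and with the (IP, from) key and lists senders that never retried.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    delay: int = 300          # seconds a new key is tempfailed (the "timeout period")
    window: int = 4 * 3600    # retry must arrive within this long (assumed value)
    use_rcpt: bool = True     # True: (ip, from, to) triplet; False: (ip, from) pair
    seen: dict = field(default_factory=dict)   # key -> [first_seen, passed]

    def key(self, ip, mail_from, rcpt_to):
        base = (ip, mail_from.lower())
        return base + (rcpt_to.lower(),) if self.use_rcpt else base

    def check(self, now, ip, mail_from, rcpt_to):
        """Return 'defer' (SMTP 4xx) or 'accept' for one delivery attempt."""
        k = self.key(ip, mail_from, rcpt_to)
        rec = self.seen.get(k)
        if rec is None or (not rec[1] and now > rec[0] + self.window):
            self.seen[k] = [now, False]   # new or stale key: start the clock
            return "defer"
        if rec[1] or now >= rec[0] + self.delay:
            rec[1] = True                 # retried after the delay: key is whitelisted
            return "accept"
        return "defer"                    # retried before the delay elapsed

    def never_passed(self, now):
        """Keys that were deferred and did not retry within the window."""
        return sorted(k for k, (t, ok) in self.seen.items()
                      if not ok and now > t + self.window)

# Constructed sample traffic: (time in seconds, relay IP, envelope from, envelope to)
ATTEMPTS = [
    (0,    "192.0.2.10",  "bob@domain.example", "alice@local.example"),
    (600,  "192.0.2.10",  "bob@domain.example", "alice@local.example"),  # retry
    (900,  "192.0.2.10",  "bob@domain.example", "carol@local.example"),  # new rcpt
    (1000, "203.0.113.7", "x@spam.example",     "alice@local.example"),  # never retries
    (1500, "192.0.2.10",  "bob@domain.example", "carol@local.example"),  # retry
]

def replay(use_rcpt):
    """Run ATTEMPTS through a fresh greylist; return (decisions, never-retried keys)."""
    gl = Greylist(use_rcpt=use_rcpt)
    return [gl.check(*a) for a in ATTEMPTS], gl.never_passed(now=6 * 3600)

if __name__ == "__main__":
    for mode in (True, False):
        print("triplet" if mode else "pair", *replay(mode))
```

With the pair key, the first message to the second recipient is accepted without a delay, while the sender that never retries is deferred and reported in both modes.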