On Sun, 2010-06-27 at 10:16 +0930, Tim wrote: > On Sun, 2010-06-27 at 08:24 +0800, Ed Greshko wrote: > > A well written greylisting milter will utilize a database to maintain > > a list of sending MTAs that have retried. Additionally, the good > > milters will have the ability to specify whitelists and blacklists. > > But, even if you don't do the work to populate the lists this mostly > > results in only the very first message sent by a "trusted" MTA being > > delayed. After the initial start-up, training period normal > > communication proceeds without delay. > > Where greylisting, typically, becomes a cropper is when some *BIG* > service like Yahoo tries to mail you, gets grey listed, and it spits the > dummy about not being able to post (some do get pernickity about it, > with a low threshold for suspending posts that didn't immediately get > through). > > Or, when it retries, the retry comes from a different server than the > first attempt, so that gets greylisted. And your message plays "hot > potato" through several different servers, each one getting separately > greylisted. If you're lucky, eventually it comes back through one that > your server will allow. If you're not, it'll go through so many > attempts that your server disallows it for taking too long, or their > server aborts attempting because each attempt gets disallowed. ---- I use greylisting on all mail servers that I administrate and I specifically use one that maintains a list of well known smtp servers such as yahoo - it's a rather substantial list and maintained so that pretty much obviates your point #1. Point number 2 is well taken but in my experience, there aren't that many times this has come up (only once) and yes, that will cause an issue but again, I am able to whitelist the range of servers from that system. The real point is that greylisting - at least from the servers I administrate removes about 70% of the junk spam from ever entering the mailqueue. I probably clip off another 12-15% with RBL's, requiring valid helo from forward/reverse compliant DNS hosts and thus the demands on my mail servers from scanning with spamassassin and clamav (virus & phishing) is monumentally reduced. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
