OT - Which greylist milter

James Gray james at GRAYONLINE.ID.AU
Wed Oct 5 04:24:57 IST 2005


On Wednesday 05 October 2005 09:02, Scott Silva wrote:
> Just getting a feel at which greylist solutions are used by the esteemed
> recipients of this list.
> Especially interested in sendmail milters.

We use milter-greylist on both our sendmail gateways (one FreeBSD, the other 
is CentOS).  Compiled the latest version from source so we can use extended 
regex in our configuration files.  The results have been good:
Spam reduction:  ~30-50%
Virus reduction: ~15-20%
(compared to total spam/viruses before the greylist, i.e., not a %-age of total 
mail volume).  As always, the biggest bonus is that all this happens at the 
MTA level saving MailScanner the hassle.

The biggest problems we've had stem from the assumption amongst users that 
e-mail is actually some sort of instant-messaging.  If a message didn't 
arrive within X-seconds, they would log a help desk call!  Despite much 
education and assurance that once the mail (sender+recipient+originating SMTP 
host tuple) had been "learned" there would be no further delays as long as 
the sender sent you mail at least once a month (our autolearned-whitelist 
forgets unused entries older than 30 days).

Our solution was simply to not greylist mail from key clients' domains[1] and 
to manually whitelist a few internal mail accounts (mostly sales people).  
Beyond that, we simply ignored most cries for help from the user population 
until after a week-or-so to give the greylist a chance to "learn" the mail 
patterns.  Surprisingly, this worked - after a week, the flood of "my e-mail 
hasn't arrived" messages dried up. :)

Once these little niggles were sorted, we've been very impressed with the 
results.  The two mail gateways synchronise their autowhite-lists etc too.  
So if a sender gets auto-learned on the primary MX, then tries the secondary, 
they get through without delay there too.  Same rules apply for all 
auto-entries.  So if they try on the primary and get a 451-temporarily 
unavailable, then come back after the set time interval but on the secondary, 
they will still get through on the secondary (even though they originally hit 
the primary).

Grey listing can have some weird (but predictable) side-effects too.  Consider 
the following:

Jill is a user from snafu.foo who sends a message to Barry at fubar.bar.  
After a delay, the grey list lets Jill's mail through to Barry.  Jill and 
Barry exchange e-mail from now on without delay.  Jill sends another message 
to Fred at fubar.bar and CC'ed Barry.  The CC'ed message to Barry goes 
straight through but the message to Fred is delayed.  Barry talks to Fred 
about the message from Jill, but Fred says "WTF?!".  Jill gets a phone call 
from Fred and all three start annoying the IT people until (mysteriously) the 
message to Fred is delivered!

Education is the key I think, but we all know how reluctant lusers are to have 
$CLUE imparted.

Cheers,

James

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
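
The tuple-based behaviour described in the post above (learning per sender+recipient+host, lists shared between the two MX hosts, the 30-day forgetting, and the Jill/Barry/Fred side-effect), as an added example that is not part of the original post and is not milter-greylist's own code. The Store and Gateway names, the 30-minute retry delay, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 86400

@dataclass
class Store:
    """State both MX hosts share (models the synchronised lists)."""
    pending: dict = field(default_factory=dict)    # tuple -> first-seen time
    autowhite: dict = field(default_factory=dict)  # tuple -> last-used time

class Gateway:
    def __init__(self, store, delay=1800, autowhite_ttl=30 * DAY):
        # delay is an assumed value; the 30-day expiry is the one in the post
        self.store, self.delay, self.ttl = store, delay, autowhite_ttl

    def rcpt(self, host, sender, rcpt, now):
        """Return the SMTP reply code for one RCPT TO at time `now`."""
        key = (host, sender.lower(), rcpt.lower())
        s = self.store
        last = s.autowhite.get(key)
        if last is not None:
            if now - last <= self.ttl:
                s.autowhite[key] = now      # use refreshes the entry
                return 250
            del s.autowhite[key]            # unused too long: forgotten
        first = s.pending.setdefault(key, now)
        if now - first >= self.delay:
            del s.pending[key]
            s.autowhite[key] = now          # tuple is now "learned"
            return 250
        return 451                          # temporary failure, retry later

def scenario():
    """Replay the Jill/Barry/Fred case; returns the reply codes in order."""
    store = Store()
    primary, secondary = Gateway(store), Gateway(store)
    host, jill = "192.0.2.10", "jill@snafu.foo"   # constructed sample values
    barry, fred = "barry@fubar.bar", "fred@fubar.bar"
    out = []
    out.append(primary.rcpt(host, jill, barry, 0))         # first contact
    out.append(secondary.rcpt(host, jill, barry, 1800))    # retry, other MX
    out.append(primary.rcpt(host, jill, barry, 2 * DAY))   # CC to Barry
    out.append(primary.rcpt(host, jill, fred, 2 * DAY))    # To: Fred, new tuple
    out.append(primary.rcpt(host, jill, fred, 2 * DAY + 1800))  # Fred's retry
    out.append(primary.rcpt(host, jill, barry, 40 * DAY))  # idle > 30 days
    return out

if __name__ == "__main__":
    print(scenario())
```

The fourth code is the delayed copy to Fred: the same message that reached Barry at once is a new tuple for Fred's address and gets a 451 until the sending host retries.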