Greylisting...

mikea mikea at mikea.ath.cx
Fri Sep 22 19:50:03 IST 2006


On Fri, Sep 22, 2006 at 10:47:36AM -0700, Jeremy Blonde wrote:
> Just wanted to ask the list if they are using greylisting and if they've
> encountered any problems with using it.  I've implemented a small delay
> and it seems to be working okay right now.

We're graylisting, using the acme.com graymilter and sendmail, with a
600-second (10 minute) delay, and it works _very_ well. I haven't run
statistics on failure-to-reconnect recently, but saw something like a 
60-70% reduction in mail that actually got through that milter to 
MailScanner (and SpamAssassin, ClamAV, etc.). That was well worth the 
effort. 

I did have to whitelist some of our sister agency MTAs that appear not 
to do well when presented with 
          "reject=421 4.3.2 graylisted - please try again later"
but that's typical: of a given set of MTAs, some will be b0rk3n in
one way or another. 

We also use greet-pause with a 15-second delay, and that absolutely 
works wonders. 

An additional sendmail ruleset stops SMTP transactions with MTAs that 
HELO/EHLO as our MX, with this message: 
          "ruleset=check_rcpt, arg1=<recipient_address>, relay=[relay_IPADDR], 
           reject=554 5.7.1 Invalid helo rejected; send mail to abuse at odot.org 
           if rejected in error - are you really 192.149.244.25"
which stops even more _and_ gives me nice patterns to watch in my maillog 
database. But all that's off-topic here, so ask in private mail if you
want more info. 

-- 
Mike Andrews 
mikea at mikea.ath.cx, mandrews at odot.org
Information Security
Oklahoma Department of Transportation
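
The greylisting behaviour described in the message above, as an added example that is not part of the original post and not graymilter's own code: a simplified model of the tempfail-then-accept decision with the 600-second delay, the quoted 421 reply and a whitelist. Keying on the client IP alone, the `ACCEPT` string, the class and function names, and the sample addresses are assumptions made for this sketch.

```python
# Added illustration: simplified greylisting decision model (not graymilter's code).
from dataclasses import dataclass, field

GREYLIST_DELAY = 600  # seconds; the 10-minute delay quoted in the message
TEMPFAIL = "421 4.3.2 graylisted - please try again later"  # reply quoted in the message
ACCEPT = "250 ok"  # assumed placeholder for "pass the mail on to the next filter"


@dataclass
class Greylist:
    delay: int = GREYLIST_DELAY
    whitelist: set = field(default_factory=set)     # relays exempted from the delay
    first_seen: dict = field(default_factory=dict)  # client IP -> time of first attempt
    passed: set = field(default_factory=set)        # relays that retried after the delay

    def check(self, client_ip: str, now: float) -> str:
        """Return the SMTP reply for a connection from client_ip at time now."""
        if client_ip in self.whitelist or client_ip in self.passed:
            return ACCEPT
        start = self.first_seen.setdefault(client_ip, now)
        if now - start >= self.delay:
            self.passed.add(client_ip)
            return ACCEPT
        return TEMPFAIL  # a sender that never retries stops here


def replay(greylist, attempts):
    """Replay (client_ip, timestamp) attempts in order; return the reply for each."""
    return [greylist.check(ip, ts) for ip, ts in attempts]


# Constructed sample traffic (documentation-range addresses, seconds since start).
SAMPLE = [
    ("192.0.2.10", 0),     # ordinary MTA, first attempt
    ("198.51.100.7", 5),   # fire-and-forget sender, never retries
    ("192.0.2.10", 300),   # retry that arrives too early
    ("203.0.113.4", 320),  # whitelisted MTA that handles the 421 badly
    ("192.0.2.10", 900),   # retry after the delay has elapsed
    ("192.0.2.10", 905),   # later mail from a relay that already passed
]

if __name__ == "__main__":
    gl = Greylist(whitelist={"203.0.113.4"})
    for (ip, ts), reply in zip(SAMPLE, replay(gl, SAMPLE)):
        print(f"t={ts:>4}s {ip:<14} -> {reply}")
```

Expiry of old entries, which a long-running deployment needs, is left out of this model.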

