mikea at mikea.ath.cx
Fri Sep 22 19:50:03 IST 2006
On Fri, Sep 22, 2006 at 10:47:36AM -0700, Jeremy Blonde wrote:
> Just wanted to ask the list if they are using greylisting and if they've
> enountered any problems with using it. I've implemented a small delay
> and it seems to be working okay right now.
We're graylisting, using the acme.com graymilter and sendmail, with a
600-second (10 minute) delay, and it works _very_ well. I haven't run
statistics on failure-to-reconnect recently, but saw something like a
60-70% reduction in mail that actually got through that milter to
MailScanner (and SpamAssassin, ClamAV, etc.). That was well worth the
I did have to whitelist some of our sister agency MTAs that appear not
to do well when presented with
"reject=421 4.3.2 graylisted - please try again later"
but that's typical: of a given set of MTAs, some will be b0rk3n in
one way or another.
We also use greet-pause with a 15-second delay, and that absolutely
An additional sendmail ruleset stops SMTP transactions with MTAs that
HELO/EHLO as our MX, with this message:
"ruleset=check_rcpt, arg1=<recipient_address>, relay=[relay_IPADDR],
reject=554 5.7.1 Invalid helo rejected; send mail to abuse at odot.org
if rejected in error - are you really 22.214.171.124"
which stops even more _and_ gives me nice patterns to watch in my maillog
database. But all that's off-topic here, so ask in private mail if you
want more info.
mikea at mikea.ath.cx, mandrews at odot.org
Oklahoma Department of Transportation
More information about the MailScanner