mikea mikea at
Fri Sep 22 19:50:03 IST 2006

On Fri, Sep 22, 2006 at 10:47:36AM -0700, Jeremy Blonde wrote:
> Just wanted to ask the list if they are using greylisting and if they've
> encountered any problems with using it.  I've implemented a small delay
> and it seems to be working okay right now.

We're graylisting, using the graymilter and sendmail, with a
600-second (10 minute) delay, and it works _very_ well. I haven't run
statistics on failure-to-reconnect recently, but saw something like a 
60-70% reduction in mail that actually got through that milter to 
MailScanner (and SpamAssassin, ClamAV, etc.). That was well worth the 

I did have to whitelist some of our sister agency MTAs that appear not 
to do well when presented with 
          "reject=421 4.3.2 graylisted - please try again later"
but that's typical: of a given set of MTAs, some will be b0rk3n in
one way or another. 

We also use greet-pause with a 15-second delay, and that absolutely 
works wonders. 

An additional sendmail ruleset stops SMTP transactions with MTAs that 
HELO/EHLO as our MX, with this message: 
          "ruleset=check_rcpt, arg1=<recipient_address>, relay=[relay_IPADDR], 
           reject=554 5.7.1 Invalid helo rejected; send mail to abuse at 
           if rejected in error - are you really"
which stops even more _and_ gives me nice patterns to watch in my maillog 
database. But all that's off-topic here, so ask in private mail if you
want more info. 

Mike Andrews 
mikea at, mandrews at
Information Security
Oklahoma Department of Transportation
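
Added example, not part of the message above: one way to turn the two reject strings quoted in it into maillog statistics, counting rejects per reason and listing relays that were graylisted and never came back after the 600-second delay. The log lines are constructed, and the syslog prefix, the accepted-mail line layout and tracking by relay IP alone are assumptions of this sketch.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines, not taken from a real maillog. The reject= strings
# are the ones quoted in the message; the syslog prefix, queue IDs, hostnames
# and the accepted-mail line layout are assumptions.
SAMPLE_LOG = """\
Sep 22 10:00:01 mx sendmail[101]: k8MA01: Milter: relay=a.example.net [192.0.2.10], reject=421 4.3.2 graylisted - please try again later
Sep 22 10:00:05 mx sendmail[102]: k8MA02: Milter: relay=b.example.net [198.51.100.7], reject=421 4.3.2 graylisted - please try again later
Sep 22 10:00:09 mx sendmail[103]: k8MA03: ruleset=check_rcpt, arg1=<user@example.org>, relay=[203.0.113.5], reject=554 5.7.1 Invalid helo rejected; send mail to abuse
Sep 22 10:02:00 mx sendmail[104]: k8MA04: Milter: relay=b.example.net [198.51.100.7], reject=421 4.3.2 graylisted - please try again later
Sep 22 10:11:30 mx sendmail[105]: k8MA05: from=<a@example.net>, size=1200, relay=a.example.net [192.0.2.10]
Sep 22 10:12:00 mx sendmail[106]: k8MA06: ruleset=check_rcpt, arg1=<user@example.org>, relay=[203.0.113.5], reject=554 5.7.1 Invalid helo rejected; send mail to abuse
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) .*\brelay=(?:\S+ )?\[([0-9a-fA-F.:]+)\]")
REJECT = re.compile(r"\breject=(\d{3}) (\d\.\d\.\d) (.+)$")

def summarize(log_text, delay=600, year=2006):
    """Return (rejects per reason, relays graylisted that never returned)."""
    reasons = Counter()
    first_gray = {}   # relay IP -> time of its first graylist reject
    returned = set()  # relays seen again, not rejected, once the delay had passed
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        relay = m.group(2)
        rej = REJECT.search(line)
        if rej:
            code, dsn, text = rej.groups()
            # Group on the text before ';' so the contact hint does not split counts.
            reasons[f"{code} {dsn} {text.split(';')[0].strip()}"] += 1
            if "graylisted" in text:
                first_gray.setdefault(relay, when)
        elif relay in first_gray and (when - first_gray[relay]).total_seconds() >= delay:
            returned.add(relay)
    return reasons, sorted(set(first_gray) - returned)

if __name__ == "__main__":
    counts, never_returned = summarize(SAMPLE_LOG)
    print(dict(counts), never_returned)
```
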
