Greylisting...

Gordon Colyn gordon at itnt.co.za
Mon Sep 25 18:58:38 IST 2006


Please can you give me more info on how to do this?

Thanks

Gordon
----- Original Message ----- 
From: "mikea" <mikea at mikea.ath.cx>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Friday, September 22, 2006 8:50 PM
Subject: Re: Greylisting...


We're graylisting, using the acme.com graymilter and sendmail, with a
600-second (10 minute) delay, and it works _very_ well. I haven't run
statistics on failure-to-reconnect recently, but saw something like a
60-70% reduction in mail that actually got through that milter to
MailScanner (and SpamAssassin, ClamAV, etc.). That was well worth the
effort.

I did have to whitelist some of our sister agency MTAs that appear not
to do well when presented with
          "reject=421 4.3.2 graylisted - please try again later"
but that's typical: of a given set of MTAs, some will be b0rk3n in
one way or another.

We also use greet-pause with a 15-second delay, and that absolutely
works wonders.

An additional sendmail ruleset stops SMTP transactions with MTAs that
HELO/EHLO as our MX, with this message:
          "ruleset=check_rcpt, arg1=<recipient_address>, 
relay=[relay_IPADDR],
           reject=554 5.7.1 Invalid helo rejected; send mail to 
abuse at odot.org
           if rejected in error - are you really 192.149.244.25"
which stops even more _and_ gives me nice patterns to watch in my maillog
database. But all that's off-topic here, so ask in private mail if you
want more info.

-- 
Mike Andrews
mikea at mikea.ath.cx, mandrews at odot.org
Information Security
Oklahoma Department of Transportation
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list