Gordon Colyn gordon at
Mon Sep 25 18:58:38 IST 2006

Please can you give me more info on how to do this?


----- Original Message ----- 
From: "mikea" <mikea at>
To: "MailScanner discussion" <mailscanner at>
Sent: Friday, September 22, 2006 8:50 PM
Subject: Re: Greylisting...

We're graylisting, using the graymilter and sendmail, with a
600-second (10 minute) delay, and it works _very_ well. I haven't run
statistics on failure-to-reconnect recently, but saw something like a
60-70% reduction in mail that actually got through that milter to
MailScanner (and SpamAssassin, ClamAV, etc.). That was well worth the

I did have to whitelist some of our sister agency MTAs that appear not
to do well when presented with
          "reject=421 4.3.2 graylisted - please try again later"
but that's typical: of a given set of MTAs, some will be b0rk3n in
one way or another.

We also use greet-pause with a 15-second delay, and that absolutely
works wonders.

An additional sendmail ruleset stops SMTP transactions with MTAs that
HELO/EHLO as our MX, with this message:
          "ruleset=check_rcpt, arg1=<recipient_address>, 
           reject=554 5.7.1 Invalid helo rejected; send mail to 
abuse at
           if rejected in error - are you really"
which stops even more _and_ gives me nice patterns to watch in my maillog
database. But all that's off-topic here, so ask in private mail if you
want more info.

Mike Andrews
mikea at, mandrews at
Information Security
Oklahoma Department of Transportation
MailScanner mailing list
mailscanner at

Before posting, read

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list