Greylisting Addon

Joseph L. Casale jcasale at ActiveNetwerx.com
Wed Nov 28 17:53:39 GMT 2007



From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Michael Mansour
Sent: Wednesday, November 28, 2007 6:32 AM
To: MailScanner discussion
Subject: Re: Greylisting Addon

Hi Peter,

shuttlebox <shuttlebox at gmail.com> wrote:
On Nov 28, 2007 1:13 PM, Michael Mansour wrote:
> Yes it is a memory hog, but 400Mb of virtual memory isn't that much
> considering I have over 72,000 auto-managed records per server.

It's also easy to tune the memory consumption by adjusting how long it
will keep grey/whitelisted entries in the database.

> I have tried others and found they may work well for one server, but not in
> a distributed environment which requires sync between MX servers.

The sync is very important and I haven't found an alternative that is
capable of that.
Yes, sync is critical. I have also used and tested the greylist server that comes with DCC by Vernon. I use DCC anyway so though I might as well turn on the greylist feature and not have to worry about yet another third party app.

DCC's greylist also has a "peer" feature which does what milter-greylist's sync does (not exactly the same way or as instantaneous as milter-greylist, but still works), so provides the necessary sync between MX peers.

DCC's greylist work fine for *non-MX* servers, however for inbound MX servers which don't have local recipients (but pass the message onto an internal mail server after releasing the message from the embargo), DCC greylist tries to authenticate the recipients with the MX server itself, which of course fails with a "user unknown" and bounces the message to the sender.

DCC greylist doesn't bother reading sendmail's mailertable to determine where the destination recipient is or to even consider that it's just an inbound MX server and should just greylist (embargo in DCC terminology) the email and then send it on to the real mail server with the inboxes.

I explained and reported this problem to Vernon but he didn't accept it as a problem, instead tried to convince me that I didn't need MX servers and I should just run a beefy mail server.

A few emails bounced between us before I gave up trying to explain to him why his greylist implementation doesn't work for inbound MX servers.

He's a cluely guy and knows his stuff, but I just couldn't get through to him, he simply didn't accept the setup I had as a valid setup. Go figure.

Michael.
--
/peter
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!


Michael,
I also have DCC installed but my system does not host mailboxes, it merely passes mail on to my exchange servers. Is there no safe configuration then with DCC alone so I don't have to install anything else?

Thanks!
jlc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20071128/221443c7/attachment.html


More information about the MailScanner mailing list