From: Akihiro KAYAMA (no email)
Date: Tue Jun 01 2004 - 01:14:44 EDT
Hi Philip.
In article <>,
Philip Hallstrom <> writes:
philip> I'm looking into some of the greylisting options out there and
philip> they look pretty nifty. One thing I'm concerned about though is
philip> legitimate email sent from badly configuring mailers that don't attempt to
philip> resend as described here:
philip>
philip> http://www.greylisting.org/whitelisting.html
I have been using greylisting for a month. In this period, except
mails from mailing list, I lost one mail from my customer that comes
from a server which do not tend to retry respond to temporary failure.
It seems to use Sendmail so I guess it has been miss configured by
awful admin.
Unless you can predict the server from which a mail comes, whitelist
is not help for you. If I could find another RFC non-conformant
server, I may rethink of using greylisting.
philip> So here's my question... for those of you who have implemented
philip> greylisting, have you found this to be an issue? Or by adding these IP's
philip> and domains to the whitelist are things still okay.
Original greylisting method is so strict for me that I use "very
loose" version of greylist.pl.
Differences from original are:
a) In <IP, sender, recipient> triplet, last octet of IP address and
localpart of sender ignored.
b) If triplet matches once, the /24 network include the host is trusted.
This modification gets rid of the need of generating whitelist
manually and annoying delays by VERP. Yes, it also allows extra SPAMs,
but greylisting is still powerful. 80%-90% of SPAMs are blocked. It's
enough for me.
-- kayama
|
|
|