On Sun, 2006-12-03 at 21:03 -0600, Trevor Cordes wrote:
After domain keys, I implemented the milter-greylist that Gilbert was talking about. It's pretty easy (on FC, with yum packages).
Anyone care to compare notes?
I've chosen the following values:
timeout 25h
greylist 6m
autowhite 30d
subnetmatch /24
Does anyone think there could be an MTA retarded enough to have the queue retry time set to longer than 25h? The greylist default was 5d, but that seems a bit excessive, or am I missing something here?
Some of them are very slow to retry. This is my main complaint about greylisting, some mail is very _very_ delayed.
As for the greylist option, shouldn't 1m be enough to do the trick? Either a spammer will retry or it won't,
Agreed. I have mine set to 50 seconds and it's just as effective.
# This is a list of broken MTAs that break with greylisting. Too bad there are MTAs out there that are so braindead.
Spammers will soon catch on that if they emulate broken MTAs they bypass greylisting.
Of course, some of them like AOL aren't necessarily braindead, but instead are hard to greylist because of the common-pool problem.
IMHO we all should have just completely blacklisted AOL back in the 90s and called it done. ;)
John
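
A simplified model of the timing values discussed in this thread, added here as an illustration; it is not milter-greylist's code, and the class, function names and addresses are constructed. It assumes `timeout` is how long a pending entry is remembered, `greylist` is the minimum wait before a retry passes, and `subnetmatch /24` means retries from the same /24 count as the same sender.

```python
import ipaddress

# Values from the post; their semantics here are this model's assumption.
TIMEOUT = 25 * 3600      # pending entry is forgotten after this long
GREYLIST = 6 * 60        # minimum wait before a retry is accepted
AUTOWHITE = 30 * 86400   # how long a passed triplet skips greylisting
SUBNET_PREFIX = 24       # subnetmatch /24


class Greylist:
    def __init__(self):
        self.pending = {}    # key -> time of first attempt
        self.white = {}      # key -> auto-whitelist expiry time

    @staticmethod
    def key(ip, sender, rcpt):
        # Collapse the client address to its /24 so pooled senders match.
        net = ipaddress.ip_network(f"{ip}/{SUBNET_PREFIX}", strict=False)
        return (str(net.network_address), sender.lower(), rcpt.lower())

    def check(self, now, ip, sender, rcpt):
        """Return 'accept' or 'tempfail' for an attempt at time `now` (seconds)."""
        k = self.key(ip, sender, rcpt)
        if self.white.get(k, 0) > now:
            return "accept"
        first = self.pending.get(k)
        if first is None or now - first > TIMEOUT:
            self.pending[k] = now          # new or expired entry: start over
            return "tempfail"
        if now - first < GREYLIST:
            return "tempfail"              # retried too soon
        del self.pending[k]
        self.white[k] = now + AUTOWHITE
        return "accept"


def simulate(retry_after, retry_ip="192.0.2.10"):
    """First attempt at t=0 from 192.0.2.10, one retry `retry_after` seconds later."""
    g = Greylist()
    envelope = ("a@example.org", "b@example.net")   # constructed addresses
    first = g.check(0, "192.0.2.10", *envelope)
    second = g.check(retry_after, retry_ip, *envelope)
    return first, second
```

In this model a sender whose first retry comes 26 hours later is tempfailed again, because the pending entry has already expired, which is the case the 25h question is about.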