[RndTbl] greylisting

John Lange john.lange at open-it.ca
Mon Dec 4 13:37:50 CST 2006

On Sun, 2006-12-03 at 21:03 -0600, Trevor Cordes wrote: 
> After domain keys, I implemented the milter-greylist that Gilbert was
> talking about.  It's pretty easy (on FC, with yum packages).
> Anyone care to compare notes?
> I've chosen the following values:
> timeout 25h
> greylist 6m
> autowhite 30d
> subnetmatch /24
> Does anyone think there could be an MTA retarded enough to have the
> queue retry time set to longer than 25h?  The greylist default was 5d,
> but that seems a bit excessive, or am I missing something here?

Some of them are very slow to retry. This is my main complaint about
greylisting, some mail is very _very_ delayed.

> As for the greylist option, shouldn't 1m be enough to do the trick?
> Either a spammer will retry or it won't,

Agreed. I have mine set to 50 seconds and its just as effective.

> # This is a list of broken MTAs that break with greylisting.
>   Too bad there are MTA's out there that are so
> braindead.

Spammers will soon catch on that if they emulate broken MTAs they bypass

> Of course, some of them like AOL aren't necessarily braindead, but
> instead are hard to greylist because of the common-pool problem.

IMHO we all should have just completely blacklisted AOL back in the 90s
and called it done. ;)


More information about the Roundtable mailing list