john.lange at open-it.ca
Mon Dec 4 13:37:50 CST 2006
On Sun, 2006-12-03 at 21:03 -0600, Trevor Cordes wrote:
> After domain keys, I implemented the milter-greylist that Gilbert was
> talking about. It's pretty easy (on FC, with yum packages).
> Anyone care to compare notes?
> I've chosen the following values:
> timeout 25h
> greylist 6m
> autowhite 30d
> subnetmatch /24
> Does anyone think there could be an MTA retarded enough to have the
> queue retry time set to longer than 25h? The greylist default was 5d,
> but that seems a bit excessive, or am I missing something here?
Some of them are very slow to retry. This is my main complaint about
greylisting, some mail is very _very_ delayed.
> As for the greylist option, shouldn't 1m be enough to do the trick?
> Either a spammer will retry or it won't,
Agreed. I have mine set to 50 seconds and it's just as effective.
> # This is a list of broken MTAs that break with greylisting.
> Too bad there are MTAs out there that are so
Spammers will soon catch on that if they emulate broken MTAs they bypass
> Of course, some of them like AOL aren't necessarily braindead, but
> instead are hard to greylist because of the common-pool problem.
IMHO we all should have just completely blacklisted AOL back in the 90s
and called it done. ;)
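
The settings compared in this thread (greylist delay, pending-entry timeout, autowhite lifetime, subnetmatch) can be tried against retry schedules with the small model below. It is an example added to this archive page, not part of the original post and not milter-greylist's own code; the class, the function names, the addresses and the rule that an autowhite entry is not refreshed on use are assumptions made for illustration.

```python
import ipaddress

def parse_duration(text):
    """Convert '50s', '6m', '25h' or '30d' to seconds."""
    units = {"s": 1, "m": 60, "h": 3600, "d": 86400}
    return int(text[:-1]) * units[text[-1]]

class Greylist:
    """Simplified greylisting model (hypothetical; not milter-greylist's logic)."""

    def __init__(self, greylist="6m", timeout="25h", autowhite="30d", subnet=24):
        self.delay = parse_duration(greylist)
        self.timeout = parse_duration(timeout)
        self.autowhite = parse_duration(autowhite)
        self.subnet = subnet
        self.pending = {}  # tuple -> time of the first attempt
        self.white = {}    # tuple -> time the autowhite entry expires

    def _key(self, ip, sender, rcpt):
        # subnetmatch: a retry from any host in the same block matches the tuple
        net = ipaddress.ip_network(f"{ip}/{self.subnet}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, now, ip, sender, rcpt):
        """Return 'accept' or 'tempfail' for an attempt at time `now` (seconds)."""
        key = self._key(ip, sender, rcpt)
        if self.white.get(key, 0) > now:
            return "accept"
        first = self.pending.get(key)
        if first is None or now - first > self.timeout:
            self.pending[key] = now  # new tuple, or the old entry timed out
            return "tempfail"
        if now - first < self.delay:
            return "tempfail"        # retried before the greylist delay elapsed
        del self.pending[key]
        self.white[key] = now + self.autowhite
        return "accept"

def simulate(attempts, **settings):
    """attempts: list of (time, ip) for one constructed sender/recipient pair."""
    g = Greylist(**settings)
    return [g.check(parse_duration(t), ip, "a@example.org", "b@example.net")
            for t, ip in attempts]
```

Calling `simulate([("0s", "192.0.2.10"), ("26h", "192.0.2.10")])` shows the slow-retry case from the thread: with `timeout 25h` the second attempt starts over and is deferred again, while `timeout="5d"` accepts it.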