Matt, bit incorrect here. My point had nothing to do with this:
> acl greylist domain /[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.]/
> acl greylist domain /[0-9]{12}/
But this:
acl greylist domain /[0-9][0-9]*\-[0-9][0-9]*\-[0-9][0-9]*/
acl greylist domain /[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*/
which I still firmly believe are terrible for performance. And more
specifically, the point was about using kludges to greylist purported dynamic
IPs over a maintained list of them. How is it a kludge? There are definitely
dynamic IP providers out there who do not use 1-2-3-4.provider.com or similar
to denote addresses in their space. Many do yes, but not all. RBLs were
suggested over what was/is potentially a wide variety of regexes similar to
the ones originally posted, as the original poster pointedly stated that
greylisting by default and using domain based acls was totally unacceptable.
However, the overall thread did illuminate some useful information regardless;
the general opinion here is that 100 regexes are almost definitely worse off
than a single RBL call, as few as two or three expressions can totally nuke
your box if they are poorly written, and that the best option will vary
totally, but likely to contain some mix of RBL or sendmail db references tied
with expression based acls as necessary, and to very carefully build
expressions to prevent excessive backtracking, the agreed bane of this
discussion.
Message
Re: [milter-greylist] Re: Limiting resident memory usage
2006-11-03 by eclark
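
An added example, not part of the original message: it runs the four ACL expressions quoted in the message over a handful of reverse-DNS names to show which naming schemes they catch, miss, or hit by accident. The hostnames are constructed, and Python's `re` is assumed here as a stand-in for the POSIX extended regex matching that milter-greylist performs.

```python
import re

# The four expressions from the message, without the /.../ delimiters.
# Assumption: Python's re behaves like POSIX ERE for these simple patterns.
PATTERNS = {
    "dotted-or-dashed-3": r"[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.]",
    "12-digits": r"[0-9]{12}",
    "dash-triplet": r"[0-9][0-9]*\-[0-9][0-9]*\-[0-9][0-9]*",
    "dot-triplet": r"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*",
}
COMPILED = {name: re.compile(p) for name, p in PATTERNS.items()}

# Constructed sample names: (hostname, is it really a dynamic-pool address?)
SAMPLES = [
    ("192-0-2-17.dyn.provider.example", True),      # 1-2-3-4.provider style
    ("host.192.0.2.17.provider.example", True),     # dotted address in name
    ("192000002017.pool.provider.example", True),   # zero-padded, 12 digits
    ("dsl-c0000211.provider.example", True),        # address encoded as hex
    ("cust4711.pool.provider.example", True),       # customer number only
    ("mx1.2006-11-03.mail.example", False),         # static host, date label
]

def matching_acls(hostname):
    """Names of the patterns that hit anywhere in hostname (unanchored)."""
    return [name for name, rx in COMPILED.items() if rx.search(hostname)]

def audit(samples=SAMPLES):
    """Return (dynamic hosts no pattern caught, static hosts that were hit)."""
    missed, false_hits = [], []
    for host, is_dynamic in samples:
        hits = matching_acls(host)
        if is_dynamic and not hits:
            missed.append(host)
        elif not is_dynamic and hits:
            false_hits.append((host, hits))
    return missed, false_hits

if __name__ == "__main__":
    missed, false_hits = audit()
    print("dynamic but not greylisted:", missed)
    print("static but greylisted:", false_hits)
```
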