Milter-greylist

wrote on Thu, 23 Aug 2007 05:29:27 +0200:

> Your other proposal (matching messages that goes to secondary MX before
> primary) seems a bit more difficult. MX sync may help: the messages you
> want to match arrive at secondary MX without being already greylisted.
> It seems you need to add an information to the greylisting database:
> where the message was presented last time (IP of MX for instance).

For clarification: he wants to run that second MX on the same machine, 
it's just a different IP. By the time you replied I had already forgotten 
that as well, but Matthieu's new message reminds me of that.
So it will go thru the same sendmail and milter, no matter where it was 
sent. And if it comes in via the second MX IP and the tuple is not already 
known to the greylist db it must be a first attempt which is supposed to 
come from a spammer.
I think this method can only be used if you don't have any real backup 
MXes. But with MX syncing it might work even for real backup MX, but in 
that case you also need some testing that verifies that the primary is up 
and accepting messages.

Kai

-- 
Kai Sch\ufffdtzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com