Milter-greylist

I think that milter-ahead is not a good solution - you put all the
burden of dictionary attacks / other malicious activities to your
internal mail server.
A perfect solution is a commercial sendmail which has support for LDAP
lookup.
For those (like me) who use the opensource alternative I would suggest
creating a cron-job that would feed the 'access' sendmail database with
a list of valid recipients. In my case the cron script gathers the
recipients from AD.

This way can achieve the following advantages:
- no sendmail or milter software is necessary to be allowed to connect
to your internal LDAP server.
- in case of milter crash, you still continue filtering invalid recipients
- you remove quite some load from milter-greylist
- you can introduce the sendmail's bad RCPT throttling to avoid
dictionary attacks (BAD_RCPT_THROTTLE)
- much better solution than milter-ahead or similar

Ondrej

Wayne Spivak wrote:
>
> Examining my greylist.db I find a large number of whitelisted addresses
> don't have
> sender e-mail addresses, and by in large (I'd say close to 99% of the
> emails are being sent to non-existent users - in other words they are all
> spam).
>
> How do I configure Milter-Greylist to blacklist these e-mails or blacklist
> people sending to non-existent email addresses (which can be
> problematic if
> someone misspells a username?
>
> Thx
>
> Wayne
>
>