Milter-greylist

I believe, whitelisting everyone with a valid SPF record is the most
elegant solution here.
Ok I have heard some claiming that more and more spammers do use SPF as
well but it does not seem to be the a problem in my case - the only
thing I had to do is filter out those "v=spf1 +all" kiddies.

Ondrej

Oliver Fromme wrote:
>
>
> Russell Bell wrote:
> > I turned on milter-greylist for everyone in my domains after it
> > worked well for me and the volunteers. Unfortunately some messages
> > have been delayed for many hours, one as long as 93. I used the
> > default; the log tells me they were all delayed for 30m. Could it be
> > anything other than the sender giving up before 30m has expired and
> > not coming back for hours?
>
> That can happen if the message is being sent from an ISP
> with a large number of outgoing mail servers with different
> IP addresses, and they try to resend the mail from random
> addresses.
>
> That means that the second attempt comes from a different
> address than the first one, so milter-greylist creates a
> new tuple, and the greylist interval starts over again.
> If the third attempt comes from yet another address, the
> same happens again, and so on, until the delivery attempt
> happens to come from an IP address that milter-greylist
> has seen before.
>
> You can alleviate the problem in many cases by using the
> "subnetmatch /24" option in your configuration, so milter-
> greylist will ignore the lower 8 bits of the IP address,
> assuming that the whole net belongs to the same ISP. That
> assumption isn't always true, but the setting seems to work
> very well in practice.
>
> If your users receive many mails from that particular ISP,
> you could alos try to enable the "lazyaw" option. It will
> add IP addresses of successful deliveries to the whitelist,
> no matter who sender and recipient are (by default, the IP
> is only whitelisted for that particular sender+recipient).
>
> Best regards
> Oliver
>
> -- 
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
> Handelsregister: Registergericht Muenchen, HRA 74606, Gesch�ftsfuehrung:
> secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht M�n-
> chen, HRB 125758, Gesch�ftsf�hrer: Maik Bachmann, Olaf Erb, Ralf Gebhart
>
> FreeBSD-Dienstleistungen, -Produkte und mehr:
> http://www.secnetix.de/bsd <http://www.secnetix.de/bsd>
>
> "Whatever happened to the days when hacking started
> at the cerebral cortex, and not at the keyboard?"
> -- Sid on userfriendly.org by Illiad, 2007-06-20
>
>