Milter-greylist

On Wed, October 7, 2009 09:46, philippeake wrote:
> Very few spammers still used dedicated systems to send out their wares,
> most now use bot farms.
>
> This means that they will be sending via real MTAs, which will retry.
>
> Looking at my logs over the last two days I see this:
>
> # grep "Greylisting in action" mail | wc -l
> 1234
> # grep "delayed for" mail | wc -l
> 1234
>
> So every email delayed by greylisting was eventually re-sent and accepted.
>
> Most SPAM was blocked by RBLs, that which passed (the 1234 above) then
> went on to SpamAssassin, which trashed around 1,210 of them as SPAM.
>
> Greylisting contributed ... zero.


Working good for me ...

[var@cp1 tmp]$ zcat mx1-maillog.1.gz mx2-maillog.1.gz | sed -n
's/^.*milter-greylist: .* from <\([^>]\+\)> to <\([^>]\+\)> delayed
for.*$/\1:\2/p' | sort -u | wc -l
741
[var@cp1 tmp]$ zcat mx2-maillog.1.gz mx2-maillog.1.gz | sed -n
's/^.*milter-greylist: .* from <\([^>]\+\)> rcpt <\([^>]\+\)>:
autowhitelisted for.*$/\1:\2/p' | sort -u | wc -l
65


Last week I had 741 unique from-addr/to-addr combinations that were
greylisted, but only 65 unique from-addr/to-addr combinations that were
autowhitelisted after the greylisting.


FWIW - I only use one RBL (HostKarma's BL) to actually blacklist.  I used
other RBL's for varying lengths of greylisting.