Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] Re: Is greylisting still a valid technique?

2009-10-07 by Seth Mos

I'd like to chime in on this discussion as well.

I don't use any blacklists at work, greylisting only.

I do use a urlcheck at work which checks the MX host DNS entries and
sender domain/IP address with a subnet match. That takes care of most
email farms as well.

It means that for any domain where the mail is handled correctly it
accepts the email without any delay, which is the urlwhite part of the
email.

It shows that a significant volume of email is coming from correctly
configured domains and mail servers.

For this script you can find the link in the archives.

https://webmail.coltex.nl/spam/

Regards,

Seth

> Ok - I used the wrong stats here.
>
> What we really need to look for are the initial delay of an incoming
> message, which we get from:
>
> # grep "Greylisting in action" mail | wc -l
> 1321
>
> Then there are two possible subsequent events based upon that first
> rejection.
>
> 1) The email is re-sent, and it passes through with an added header
> indicating the delay.
>
> 2) Subsequent emails with the 3-tuple that matches will just sail through,
> these are the "autowhitelist" entries. Note that the ORIGINAL email is not
> an autowhitelist.
>
> We can get a count of the initial email retry, plus the autowhitelist
> emails thus:
>
> # egrep "X-Greylist: Delayed for|autowhitelisted" mail | wc -l
> 95
>
> So - to answer my own question -- yes this is still a VERY valid
> technique.
>
>
> ------
>
> I didn't look closely enough at the log data, the phrase "delayed for"
> occurs on every initial rejection, so it's not surprising that those two
> counts were identical.
>
>
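
The MX/subnet match described in the message above, as an added example that is not part of the original post and is not the linked script. The /24 and /64 match widths, the function names and the inline DNS table (constructed, standing in for live MX and address lookups) are assumptions.

```python
import ipaddress

# Constructed DNS data (documentation address ranges): sender domain -> the
# addresses of its MX hosts. A live check would resolve these per message.
MX_ADDRESSES = {
    "example.org": ["192.0.2.10", "192.0.2.11"],
    "example.net": ["2001:db8:1::25"],
    "example.com": ["198.51.100.5"],
}
PREFIX_V4 = 24  # assumed width; the message does not state the subnet size
PREFIX_V6 = 64  # assumed width for IPv6


def sender_domain(envelope_from):
    """Lower-cased domain of an envelope sender, or None if null/malformed."""
    local, sep, domain = envelope_from.strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def in_mx_subnet(client_ip, mx_ips):
    """True if client_ip shares a subnet with any MX host address."""
    client = ipaddress.ip_address(client_ip)
    for mx_ip in mx_ips:
        mx = ipaddress.ip_address(mx_ip)
        if mx.version != client.version:
            continue  # never compare IPv4 against IPv6
        prefix = PREFIX_V4 if mx.version == 4 else PREFIX_V6
        if client in ipaddress.ip_network(f"{mx}/{prefix}", strict=False):
            return True
    return False


def decide(client_ip, envelope_from, mx_table=MX_ADDRESSES):
    """Return 'whitelist' (accept with no delay) or 'greylist' (normal delay)."""
    domain = sender_domain(envelope_from)
    if domain is None or domain not in mx_table:
        return "greylist"  # null sender or no MX data: keep the delay
    try:
        matched = in_mx_subnet(client_ip, mx_table[domain])
    except ValueError:
        return "greylist"  # unparsable address: fail towards the delay
    return "whitelist" if matched else "greylist"
```

Because the decision keys on the connecting IP, a forged envelope sender only skips the delay when the client already sits in that domain's MX subnet.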
