Milter-greylist

Hello all,

The mail servers I manage have come to a point where simple DNSRBL boosted by milter-greylisting (MGL) delays, SMTP service banner delays, DNS consistency and p0f checks, and other such 'cheap math' techniques, ultimately do not block enough spam for our users to be satisfied. So after over a decade in the business I'm finally getting started with relatively CPU-heavy tools like SpamAssassin (SA) running on the inner mailbox server. This was put off for "tomorrow" a few times too many :)

One idea that I'm pondering now is how to best integrate the two with minimal manual work. In one direction, we do manage manual (static) whitelists in MGL, both historically and because it runs early in the stack of filters, and this can be propagated to the later spamd checks with tests on headers with a site-defined mark (generated with MGL msg clause on each static-white hit). Theory sounds promising and should keep traffic from explicitly trusted hosts/domains uninterrupted by both filters ;)

But there is also another direction to consider - tell MGL to forget autowhited entries for hosts that were not caught by MGL, but scored high in content scanning by SA. And do so in a manner that peering MGL instances would replicate the expiration. Likely the two programs run on different servers (edge relays and inner mailboxes), so the method to do this should involve networking - whether some milter-greylist protocol (inject peering commands about expiration? or do something more reasonable?) or copying files and running commands via ssh...

What would be the best approach? And/or am I inventing a well-known wheel? ;-)

Thanks in advance,
Jim Klimov
--
Typos courtesy of K-9 Mail on my Samsung Android