Milter-greylist

A fairly small mail server, tens of users (mostly).  We ran milter-greylist years ago but gave it up due to complaints from some users about the delay time on legitimate mail (this was in the “acl” (pre-racl) days.)

We have recently been getting storms of SPAM, mostly from a select group of top-level domains (e.g. *.download, *.top) and a few netblocks (e.g. an ISP in Bulgaria).  Seeking an expedient solution I have resorted to sendmail’s accessdb feature (e.g. "top ERROR:5.7.1:550 Access denied from TLD top”).  This is quite effective and (of course) actually a bad idea.

I am wondering if I could accomplish a similar effect with milter-greylist, using default whitelisting and greylisting only the problematic TLDs / netblocks / etc.  I think the greylist.conf file looks like this:

domainexact
# if whitelist is the default, could this be like … 1m?
autowhite 1h
racl greylist domain download delay 30m
racl greylist <redacted>.0/24 delay 30m
racl whitelist default
racl whitelist auth /.*/

Comments? Suggestions? Observations?

Can racl entries be included in sendmail’s accessdb? (i.e. simple maintenance automation). The only reference I see to this function in the man pages is ‘noaccessdb’.  I presume the {greylist} sendmail macro can be just (mostly) any string (e.g. “greylist”).  Does anyone use this functionality (successfully)?

Thanks for your assistance.

Oscar