Milter-greylist

Hi,

I'm wondering if anyone has any stats tools for milter-greylist which can go
through sendmail logs and pull out messages with the longest delays for delivery?

Like the baseplan.com issue I just posted about, it would be good for me to be
proactive and try and see what domains trying to send to my clients are having
these types of excessive delays for delivery because of their odd mail servers
configurations.

Are there any such tools?

Thanks.

Michael.

Hi,

we have some Perl script for this, showing that for the last
month 68 % of all delivered external mail came through immediately,
75% after 15 minutes, and almost 90% by 2 hours

but

the real problem for good senders is a configuration where
mail is sent only once or from different hosts where greylisting
prohibits delivery at all. I think you are lost if you
concentrate on clients with long delays.

We try to augment our whitelist by searching for mail hosts we
can trust in our domain. Regular expressions are useful for this.
We impose higher delays on hosts with no DNS entry at all and
those known in DNS black lists and with obvious DSL/IP names.
Then we look at those which are delayed by our minimal delay
time of 6 minutes and try to identify those we can trust.
Some simple pipe like
grep 'delayed for 00:06:0' /var/log/mail | cut --delimiter=' ' -f9 | sort | uniq
shows those where we can look for good arguments to put them
on the white list, like statistics of a different spam filter
(NiXspam in out case).

And not to forget customer complaints, which are - sometimes -
a hint for whitelist candidates.

Michael

Michael Fromme schreef:
> we have some Perl script for this, showing that for the last
> month 68 % of all delivered external mail came through immediately,
> 75% after 15 minutes, and almost 90% by 2 hours

What I do is, verify the if IP address of sending machine corresponds 
with the MX IP address for the sender domain. I match those with a 
generous /24 subnetmask. E.g. mail sent from a valid mailserver is 
accepted without delay, otherwise I greylist.

Furthermore I also accept email where the Sender IP address directly 
matches the domainname in question. This is useful where some mail 
forms/bots on webservers send email directly with regards to website 
registrations.

With this approach I get just 1 call a month regarding our greylisting 
effort. This is a company with about ~150 employees, 7 domains, 
including some very public email addresses.

Cheers,

Seth