Long delays reported in log file
2004-08-10 by Scot L. Harris
I am hoping someone can confirm the following. Using version 1.4 of milter-greylist. In the log files I see milter-greylist marking messages with header lines indicating how long that message was delayed. Most of them seem reasonable. However I see a number of them with exceptionally long delays ranging from 29 hours to 112 hours.

My guess as to why I see this is that the first time delivery of a message was attempted the IP, sender, recipient was stored and the 451 error was issued. For regular MTAs they retry the message in a reasonable amount of time, anywhere from a few minutes to a few hours. Spammers generally don't retry or if they do it is with different information.

For those messages that have delays of 29 to 112 hours I suspect the spammer is looping back through their database and resending the same tuple again. Milter-greylist apparently does not expire a tuple so it sees it a second time, auto-whitelists the tuple, marks a huge delay value in the headers and passes the message on through.

Once auto-whitelisted the entry should only stay for 24 hours or whatever the delay is. But I don't think there is any kind of expiration on the initial tuple. Or did I just miss that?

BTW: great piece of software. It has reduced our daily spam intake from 3000-6000 per day to 5-10 per day.

--
Scot L. Harris <webid@...>
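
Added example, not part of the original post and not milter-greylist's own code: a minimal greylist model showing the scenario the post describes, where a tuple first seen long ago is accepted on a late retry with a large reported delay unless pending tuples expire. The names Greylist, pending_timeout and replay, all timing values, and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

HOUR = 3600

@dataclass
class Greylist:
    delay: int = 30 * 60          # assumed: minimum wait before a retry is accepted
    autowhite: int = 24 * HOUR    # assumed: lifetime of an auto-whitelist entry
    pending_timeout: Optional[int] = None  # assumed: max age of an unretried tuple; None = never expires
    pending: dict = field(default_factory=dict)    # tuple -> first-seen time
    whitelist: dict = field(default_factory=dict)  # tuple -> whitelist expiry time

    def check(self, ip, sender, rcpt, now):
        """Return (verdict, reported_delay_seconds) for one delivery attempt."""
        key = (ip, sender, rcpt)
        if self.whitelist.get(key, 0) > now:
            return ("accept", 0)
        self.whitelist.pop(key, None)          # drop an expired whitelist entry
        first = self.pending.get(key)
        if (first is not None and self.pending_timeout is not None
                and now - first > self.pending_timeout):
            first = None                       # stale tuple: treat as never seen
        if first is None:
            self.pending[key] = now            # first sighting: store tuple, answer 451
            return ("tempfail", 0)
        if now - first < self.delay:
            return ("tempfail", 0)             # retried too soon
        del self.pending[key]
        self.whitelist[key] = now + self.autowhite
        return ("accept", now - first)         # the delay a header would report

def replay(greylist, attempts):
    """Feed (tuple, timestamp) attempts through a greylist and collect verdicts."""
    return [greylist.check(*tup, now) for tup, now in attempts]

# Constructed sample traffic: a normal MTA retrying after 45 minutes and a
# sender replaying the same tuple 112 hours after its first attempt.
MTA = ("192.0.2.10", "alice@example.org", "bob@example.net")
LATE = ("203.0.113.7", "offer@example.com", "bob@example.net")
SAMPLE = [(MTA, 0), (LATE, 0), (MTA, 45 * 60), (LATE, 112 * HOUR)]

if __name__ == "__main__":
    print("no expiry:   ", replay(Greylist(), SAMPLE))
    print("12h expiry:  ", replay(Greylist(pending_timeout=12 * HOUR), SAMPLE))
```

With no expiry the 112-hour replay is accepted and auto-whitelisted; with a pending-tuple timeout shorter than the replay interval it is treated as a first sighting and deferred again.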