On 07/03/14 17:21, Noel wrote:
> On 3/7/2014 10:21 AM, Alan Chandler wrote:
>> One question I would be very interested in - and can't find much
>> about it - is how long do you greylist these people for?
>>
>> Basically I only greylist people who fail the spf checks at the
>> moment (that is specifically those who explicitly fail the spf
>> check and those that have an spf record with a +all at the end)
>>
>> I greylist a softfail for 4 hours and a hard fail or open for 12,
>> but I plucked these figures out of the air.
>>
>> Alan
>
> A delay of 5..15 minutes is sufficient, a delay of hours
> unnecessarily delays legit mail without increasing the
> effectiveness.  The vast majority of bots either don't retry, or
> retry once immediately.
>
> It seems to me that greylisting based on spf would not be very
> effective since it appears many bot herders intentionally use
> domains without spf records.
>
> Remember the purpose of greylisting is to reject bots, not delay
> "real" mail servers -- even if you don't want their mail.
>
>    -- Noel Jones

Thanks

These few posts have made me rethink my strategy here.

Alan
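
Added example, not part of the thread above and not code from either poster: a small greylist simulation comparing a 10-minute window with the 4-hour and 12-hour windows mentioned in the thread. The retry schedules, the sender names and the Greylist class are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    """Defer a (client, sender, recipient) triplet until min_delay
    seconds have passed since it was first seen."""
    min_delay: int
    first_seen: dict = field(default_factory=dict)

    def check(self, triplet, now):
        first = self.first_seen.setdefault(triplet, now)
        return "accept" if now - first >= self.min_delay else "defer"


# Constructed retry schedules, in seconds after the first attempt.
# The two bot patterns follow the thread ("don't retry, or retry once
# immediately"); the real MTA back-off schedule is an assumption.
SENDERS = {
    "bot_no_retry": [0],
    "bot_immediate_retry": [0, 2],
    "real_mta": [0, 300, 900, 1800, 3600, 7200, 14400, 28800, 57600],
}


def delivery_time(greylist, triplet, attempts):
    """Replay the attempts; return when the mail got through, or None."""
    for t in attempts:
        if greylist.check(triplet, t) == "accept":
            return t
    return None


def simulate(min_delay):
    """Run every constructed sender against one greylist window."""
    gl = Greylist(min_delay)
    return {
        name: delivery_time(gl, (name, "from@example.org", "to@example.net"), times)
        for name, times in SENDERS.items()
    }


if __name__ == "__main__":
    for label, delay in [("10 min", 600), ("4 h", 4 * 3600), ("12 h", 12 * 3600)]:
        print(label, simulate(delay))
```

With these schedules both bot patterns are rejected at every window length; only the time at which the real server's mail is accepted changes.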
