>Since we implement following whitelist_dns we manage to whitelist >85% of proper mail server. The number of triplet and helo data >dropped drastically. >We were able to downgrade policyd database to old server and use the >newer server to do content scanning. > > >+----------------------------+ >| _whitelist | >+---------------------------- + >| %.edu.au | >| %.ev1servers.net | >| %.gov.au | >| %.iserver.net | >| %.lnk.telstra.net | >| %.mailguard.com.au | >| %.messagelabs.net | >| %.netregistry.net | >| %.planetdomain.com | >| %.server-<http://web.com>web.com | >| %.shared.server-<http://system.net>system.net | >| %.sun.com | >| %bounce% | >| %exchange% | >| %filter% | >| %google.com | >| %gw-% | >| %gw1% | >| %gw2% | >| %hosting% | >| %list% | >| %mail% | >| %mta% | >| %mx%.% | >| %outbound% | >| %pobox.com | >| %post% | >| %proxy% | >| %relay% | >| %return% | >| %server% | >| %smarthost% | >| %smtp% | >| %www% | >| %yahoo.com% | >| ns1% | >| ns2% | >| ns3% | >+---------------------------- +
These whitelist rules whitelist just about everything, I could see it reducing the policyd load considerably. Is your purpose to only greylist dynamic addresses? If so, it kinda seems like a good idea, because legit mailservers (even if hacked or open relays) will always properly respond to a 4xx error whereas most dynamic clients (windows malware infected and spammers) won't. - Nate ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users