The following solution solves 99% of the problem: - IF mail is from a local (or authenticated) client
- AND the sender has already passed "reject_unlisted_sender" - THEN store the (sender, recipient) pair in a whitelist. This can be done with trivial modification of an existing greylisting policy daemon. Occasionally, a sender or recipient address will become invalid, or a user mis-types. To clean out junk, maintain a "last use" time stamp for each (sender, recipient) pair, and periodically remove entries that are too old. Or just rename the database late Saturday night and let it re-populate over time. Wietse