Matt Kettler said:
> It does miss out on the "extra benefit" of bandwidth savings, but does not
> defeat the spam-prevention powers of greylisting. And reducing the amount
> of spam in your mailbox IS the primary purpose of greylisting.
>
> The spam still doesn't end up in your mailbox. The legitimate email still
> tries again. Benefits of greylisting are 99% intact.
Just do dual-layer greylisting. Do a 3-minute reject on first delivery, then a longer greylisting on mail that is received again and after content analysis at the data phase.

My incoming mail for the past month: 2% scored between 5 and 10.4. 70% scored over 10.5 and was rejected. If you greylist at an arbitrarily high level you won't get complaints, but you might as well just reject the email. The difference between spam and non-spam scoring email is huge; less than 2% is actually low scoring, and might theoretically be ham. Just make sure your total reject time does not exceed an arbitrary time.

You can also do greylisting on a sender/relay-domain pair. Match on the first 3 octets of the sending IP address, so you won't block mail that is sent by a pool of computers. Big sites might use a round-robin system for delivery of email, so you do not want to greylist by IP address, but rather by the domain of the sending relay. You could also set a higher greylisting for sites on specific RBLs.

I kept my greylisting simple, at the relay level, to save on bandwidth, not at the data level. It has worked flawlessly, and I have had no complaints.

You also need a shared database if you have multiple incoming mail servers that are all greylisting.

--
Luke
Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana
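The dual-layer scheme described above, written out as an added example (not code from anyone in this thread): layer 1 defers an unseen triplet for 3 minutes at RCPT time, layer 2 runs after content scoring at DATA and greylists only the narrow mid band, keying on the sending /24 plus relay domain so a round-robin pool shares one entry. The 3-minute delay and the 5/10.4/10.5 score bands come from the post; the 30-minute second-layer delay, the 45-minute total cap, the doubled delay for RBL-listed relays, the in-memory stand-in for the shared database and all sample addresses are assumptions constructed for this example.

```python
from ipaddress import ip_network

# Policy knobs. The 3-minute first-layer delay and the score bands come from the post;
# the remaining values are assumptions chosen for this example.
FIRST_LAYER_DELAY = 3 * 60     # seconds: reject the first delivery attempt of an unseen triplet
SECOND_LAYER_DELAY = 30 * 60   # assumed: longer greylist for mid-scoring mail after content analysis
MAX_TOTAL_DELAY = 45 * 60      # assumed: total reject time never exceeds this, whatever the layer
SUSPECT_SCORE = 5.0            # from the post: 5 to 10.4 is the band that might still be ham
REJECT_SCORE = 10.5            # from the post: at or above this, reject outright

# Stand-in for the shared database every greylisting MX must consult. Constructed for this
# example; maps key -> epoch seconds at which the triplet was first seen.
SEEN = {}

def greylist_key(relay_ip, relay_domain, recipient):
    """Key on the sending /24 plus relay domain, so a pool of relays shares one entry (IPv4 assumed)."""
    net = ip_network(f"{relay_ip}/24", strict=False)   # keeps the first three octets only
    return (str(net), relay_domain.lower(), recipient.lower())

def first_seen(key, now):
    """Record the first sighting of a triplet; return the recorded time (the shared-DB lookup)."""
    return SEEN.setdefault(key, now)

def relay_decision(relay_ip, relay_domain, recipient, now):
    """Layer 1 (RCPT stage): defer an unseen triplet until FIRST_LAYER_DELAY has elapsed."""
    age = now - first_seen(greylist_key(relay_ip, relay_domain, recipient), now)
    return "accept" if age >= FIRST_LAYER_DELAY else "defer"

def data_decision(relay_ip, relay_domain, recipient, score, now, on_rbl=False):
    """Layer 2 (DATA stage, after scoring): reject clear spam, pass clear ham, and greylist
    the mid band longer; relays on an RBL wait twice as long, capped at MAX_TOTAL_DELAY."""
    if score >= REJECT_SCORE:
        return "reject"
    if score < SUSPECT_SCORE:
        return "accept"
    required = min(SECOND_LAYER_DELAY * (2 if on_rbl else 1), MAX_TOTAL_DELAY)
    age = now - first_seen(greylist_key(relay_ip, relay_domain, recipient), now)
    return "accept" if age >= required else "defer"
```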
