On 2017-09-29, Peter N. M. Hansteen <pe...@bsdly.net> wrote:
> On 09/29/17 15:06, Markus Rosjat wrote:
>
>> my boss is getting on my nerves that greylisting is basically out of
>> date because of things like outlook.com and mails ending up delayed for
>> ever. So the next logical step would be to deploy a tool like rspamd or
>> spamassassin to examine mail content. These tools need to be trained and
>> if you have a small mailserver with fewer accounts this could take a
>> while I imagine.
>
> It won't surprise anyone here that I disagree with the assertion that
> greylisting is in any way outdated. Come back with that assertion when
> the SMTP RFC is amended to drop the retry requirement.

These senders do retry, but not always from the same source address. Are you aware of any requirement in RFC5321 about source addresses of retries? I didn't find any when I looked (or even a requirement that retries are done over the same IP protocol version).

Greylisting still has its place, but with the way email operates today, exemptions are unavoidable if you have a requirement to communicate reliably with users of many email services. Especially with a strict per-host greylisting implementation, where you don't get any benefit from the common thing where senders often arrange to retry from within the same v4 /24.

What you can do with rspamd is only greylist mail that looks spammy but isn't scored highly enough to block outright. (Or you could think of that as making an exemption for mail that doesn't look too spammy). This works quite well in my experience. Unfortunately it's a lot more complex to configure than spamd, though once you start adding scripts and trying to work out who to whitelist, the spamd setup doesn't seem quite so straightforward either.

Most of the spam that reaches my mailbox is forwarded by a (high IP reputation) host that sits behind spamd. (I'm looking at you, Chinese state-owned enterprise trying to order a batch of fox fur from my @openbsd address! And others.) That's a lot trickier to block on my side without false positives.
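
An added illustration, not part of the original post: a minimal Python model of greylisting showing how the choice of source-address key decides whether a sender that retries from a different address ever gets through. The class, its parameters, the delay values and the retry schedules are all constructed for this example and are not spamd's or rspamd's code.

```python
import ipaddress

class Greylist:
    """Toy greylist: a (source key, sender, recipient) tuple is accepted
    only when it is seen again at least `delay` seconds after first sight."""

    def __init__(self, v4_prefix=32, v6_prefix=128, delay=300, expire=4 * 3600):
        self.v4_prefix, self.v6_prefix = v4_prefix, v6_prefix
        self.delay, self.expire = delay, expire
        self.first_seen = {}  # tuple -> time of first attempt

    def source_key(self, ip):
        # Collapse the connecting address to the configured prefix length.
        addr = ipaddress.ip_address(ip)
        prefix = self.v4_prefix if addr.version == 4 else self.v6_prefix
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def check(self, ip, sender, rcpt, now):
        """Return 'pass' or 'tempfail' for one delivery attempt at time `now`."""
        key = (self.source_key(ip), sender.lower(), rcpt.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.expire:
            self.first_seen[key] = now  # new or expired tuple: start the clock
            return "tempfail"
        return "pass" if now - seen >= self.delay else "tempfail"

def deliver(greylist, attempts, sender="a@example.net", rcpt="b@example.org"):
    """Replay (time, source ip) attempts; return acceptance time or None."""
    for now, ip in attempts:
        if greylist.check(ip, sender, rcpt, now) == "pass":
            return now
    return None

# Constructed retry schedules using documentation addresses (RFC 5737, RFC 3849).
SAME_HOST = [(0, "192.0.2.10"), (600, "192.0.2.10"), (1800, "192.0.2.10")]
SAME_SLASH24 = [(0, "192.0.2.10"), (600, "192.0.2.77"), (1800, "192.0.2.143")]
ROAMING_POOL = [(0, "192.0.2.10"), (600, "198.51.100.4"), (1800, "2001:db8::25")]

if __name__ == "__main__":
    for name, sched in [("same host", SAME_HOST), ("same /24", SAME_SLASH24),
                        ("roaming pool", ROAMING_POOL)]:
        strict = deliver(Greylist(v4_prefix=32), sched)
        masked = deliver(Greylist(v4_prefix=24, v6_prefix=64), sched)
        print(f"{name:13} per-host: {strict}  /24 key: {masked}")
```

In this model the roaming-pool sender is never accepted under either key, which is the case where an exemption is the only way to get the mail delivered.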