On Wed, Oct 8, 2008 at 4:01 AM, Johan Andersson <[EMAIL PROTECTED]> wrote: > MailingListe wrote: >> >> Zitat von Johan Andersson <[EMAIL PROTECTED]>: >> >>> Hi, >>> >>> We are thinking to implement some form of greylisting at one of our >>> sites and wonder which one of the many flavors out there >>> that this group have found reliable? >>> >>> I know postfix has its builting one from a while back, but feel unsure >>> if it viable for our site... postgrey and gps seems they added >>> some features that mighe be usable for us... like automatic trunking of >>> the list >>> >>> I just starting to read up on it so I feel very noobish at the moment :) >>> >>> We have six MTA's that receive approx 1million emails a day (total) on >>> roundrobined addresses. >> >> Be sure to use some form of automatic whitelisting for real MTAs as it >> will be painful to purge the million triplets in the greylisting database >> otherwise. >> >> We use postgrey with a long initial delay and a very long purge delay for >> automatic whitelisted MTAs, so most of our day-to-day contacts are in the >> whitelist with no further delay and no additional triplets in the >> greylisting database. >> >> Regards >> >> Andreas > > Yes, > I have been thinking about this way as well, although, the discussion around > keeping a central database for all MTA's have me wondering... > > In the protocol, when a host is asked to retry later... .i.e. gets the "451 > 4.7.1 Please try again later" response... > Will it the retry go to the same host or do a new MX/DNS lookup to resolve > the mailaddress?
Different MTAs will behave differently. > With six MTA's on roundrobin, if it does a new lookup it could be a long > time before it hits the same host again. > With a central DB this is solved, but then we got a SPOF instead... :-/ > which must be handle by the GL software... > with local db's as seems to be the case with postgrey, it means all senders > must "whitelist themself" to each host? > I think you'll have to have some sort of central db for a setup with round robined MXes, which as you noted can be a single point of failure. postfix is unforgiving of a policy service that doesn't work perfectly, so its important any design you have allows the greylisting service to return valid results at all times. > /Johan A > > > > > > >
