The smarter greylisting engines will make an attempt to identify if the
mail is within the same /24 as a previously greylisted IP within the
specified time period to overcome this issue.
While obviously it's not guaranteed to get around this issue, we are
greylisting for approximately 3000 domains and since enabling it see a
reduction by almost 60% of mail. Over the last few months I can only
think of 2 or 3 cases where a customer has complained about delayed
email and we have found it to be the fault of greylisting. We do
frequently query against our database to review connections that do not
return where the IP looks legitimate etc. in an attempt to maintain a
workable solution. This is in addition to the usual header checks, RBLs
(The Barracuda open RBL is a fantastic resource of late) and then
finally SpamAssassin (MailScanner).
While also somewhat a stubborn opinion, if administrators can't be
bothered to bring their MTAs into alignment with the relevant RFCs
they deserve the headaches complaining users will serve them.
Nick.
Terry Carmen wrote:
I've used gray listing, but in the end abandoned it. Although it's
moderately effective on spam, it also removed email's immediacy, and
was completely undeliverable by some servers, which really annoys the
users.
Some large organizations with multiple outbound servers will rotate
failed mail among the servers, which all have different IPs, and each
new IP will cause another greylist bounce. The mail will never get
through because by the time it's sent again by the original server,
there's a good chance its greylist entry will have expired.
Although it's frowned on by some, I've had much better success using a
combination of RBLs and RDNS pattern matching to reject spam. Since a
huge proportion of spam comes from zombie networks that are identified
by DHCP addresses, a dozen or so regular expressions like these will
block a ton of spam.
Terry
---------------------------
smtpd_client_restrictions = reject_unknown_reverse_client_hostname . . .
    check_client_access regexp:/etc/postfix/spam_ip_regex

spam_ip_regex file:

/[ax]dsl.*\..*\..*/i 450 AUTO_XDSL Email Rejected. You appear to be connecting from a Dynamic IP address.
/client.*\..*\..*/i 450 AUTO_CLIENT Email Rejected. You appear to be connecting from a Dynamic IP address.
/cable.*\..*\..*/i 450 AUTO_CABLE Email Rejected. You appear to be connecting from a Dynamic IP address.
/dial.*\..*\..*/i 450 AUTO_DIAL Email Rejected. You appear to be connecting from a Dynamic IP address.
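
Added example, not part of either message in this thread: a toy greylist in Python that replays one message retried from a rotating pool of outbound servers, comparing exact-IP matching with the /24 matching described above. The class, the 300-second delay, the 4-hour expiry window, the addresses and the retry times are all constructed assumptions (IPv4 only), not taken from any greylisting product.

```python
import ipaddress


class Greylist:
    """Toy greylist keyed on (client network, sender, recipient)."""

    def __init__(self, delay=300, window=4 * 3600, prefix=32):
        self.delay = delay      # seconds a new triplet must wait (assumed value)
        self.window = window    # seconds until an entry expires (assumed value)
        self.prefix = prefix    # 32 = exact IP match, 24 = match on the /24
        self.first_seen = {}

    def _key(self, ip, sender, rcpt):
        # Collapse the client IP to its covering network before lookup.
        net = ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, ip, sender, rcpt, now):
        """Return 'defer' (SMTP 4xx) or 'accept' for an attempt at time `now`."""
        key = self._key(ip, sender, rcpt)
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.window:
            self.first_seen[key] = now   # new or expired entry: restart the clock
            return "defer"
        if now - seen < self.delay:
            return "defer"               # retried before the delay elapsed
        return "accept"


def replay(prefix, attempts):
    """Run a list of (client_ip, time) attempts for one message through a greylist."""
    gl = Greylist(prefix=prefix)
    return [gl.check(ip, "a@sender.example", "b@rcpt.example", t)
            for ip, t in attempts]


# Constructed retry schedules (documentation address ranges).
# Pool inside one /24: each retry comes from a neighbouring address.
SAME_24 = [("192.0.2.10", 0), ("192.0.2.11", 600), ("192.0.2.12", 1200)]
# Pool spread over unrelated networks; the first server only retries
# after its entry has passed the expiry window.
SPLIT = [("192.0.2.10", 0), ("198.51.100.7", 600),
         ("203.0.113.9", 1200), ("192.0.2.10", 20000)]

if __name__ == "__main__":
    for name, sched in (("same /24", SAME_24), ("split pool", SPLIT)):
        for prefix in (32, 24):
            print(f"{name:10} /{prefix}: {replay(prefix, sched)}")
```

The /24 key rescues the pool that shares a network, while the pool spread across networks is deferred on every attempt under both keys, which is the case where reviewing non-returning connections and whitelisting is still needed.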