> - I wouldn't set up a global greylist filter, because all my receiving mail
>   is going to be delayed (I guess my users don't like this ;-)) ...
> - I wouldn't set up a global REJECT based on RBL...
> - *BUT* I would combine any of the former. For instance: "pass all mail
>   appearing to come from a dynamic IP to a greylist filter"

[DH] My situation is much the same. I've been using a script called maRBL along with SQLGrey. maRBL checks incoming IPs against user-defined RBLs and only passes to SQLGrey if the user is listed in a blacklist. Selective greylisting has been working well for me for a couple years now, only greylisting IPs listed in zen.spamhaus.org. maRBL might be dead now (at least the links I had for it are dead), though it is just a simple script and works very well in my production environment. It checks the IP against the RBL and returns DUNNO if it is not listed and "greylisting" if it is listed. "greylisting" is a restriction class in main.cf that calls SQLGrey, though I imagine you could use just about any greylisting daemon. maRBL can also call and use the results from p0f-analyzer from amavisd-new to greylist only, say, Windows machines, but I found that less than useful and commented out all that code.
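
The check described in the post above, written as a Postfix policy service in Python; this is an added example, not maRBL's code and not part of the original message. The function names, the IPv4-only handling and the fail-open choice on DNS errors are assumptions; the zone and the `greylisting` action come from the post.

```python
import ipaddress
import socket
import sys

RBL_ZONE = "zen.spamhaus.org"  # zone named in the post
LISTED_ACTION = "greylisting"  # restriction class name from the post

def parse_request(lines):
    """Read one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def rbl_query_name(ip, zone=RBL_ZONE):
    """Reversed IPv4 octets + zone; None for IPv6 or junk (not checked here)."""
    try:
        octets = str(ipaddress.IPv4Address(ip)).split(".")
    except ValueError:
        return None
    return ".".join(reversed(octets)) + "." + zone

def decide(attrs, resolve=socket.gethostbyname):
    """Return the action for one request; `resolve` is injectable for testing."""
    name = rbl_query_name(attrs.get("client_address", ""))
    if name is None:
        return "DUNNO"
    try:
        answer = resolve(name)
    except OSError:  # NXDOMAIN or resolver failure: not listed, fail open
        return "DUNNO"
    # Only 127.0.0.x counts as listed; Spamhaus answers 127.255.255.x for query errors.
    return LISTED_ACTION if answer.startswith("127.0.0.") else "DUNNO"

def main():
    # Serve requests on stdin/stdout, one "action=" reply plus empty line each.
    while True:
        attrs = parse_request(sys.stdin)
        if not attrs:
            return
        sys.stdout.write("action=%s\n\n" % decide(attrs))
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

Postfix would start such a script through spawn(8) and consult it with check_policy_service, with `greylisting` defined as a restriction class in main.cf as the post describes.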