On Wed, Oct 22, 2008 at 02:28:11PM -0400, Dan Horne wrote: > > - I wouldn't set up a global greylist filter, because all my receiving > mail > > is going to be delayed (I guess my users don't like this ;-)) > ... > > - I wouldn't set up a global REJECT based on RBL... > > - *BUT* I would combine any of the former. For instance: "pass all > mail > > appearing to come from a dynamic IP to a greylist filter" > > [DH] My situation is much the same. I've been using a script called > maRBL along with SQLGrey. maRBL checks incoming IP's against > user-defined RBL's and only passes to SQLGrey if the user is listed in a > blacklist. Selective greylisting has been working well for me for a > couple years now, only greylisting IP's listed in zen.spamhaus.org.
This probably crosses to too ultra-conservative side. I don't know if there are many people who will say that zen has FPs enough to matter. So you might as well block directly. In case of FPs, the recipient even gets notified immediately - it's not like he would get through to many servers anyway. Instead of maRBL, use a flexible policy server like postfwd, and you can do something like this: http://hege.li/howto/spam/etc/postfwd/postfwd.conf
