Zitat von Stan Hoeppner <s...@hardwarefreak.com>:
lst_ho...@kwsoft.de put forth on 12/7/2010 2:18 AM:Zitat von Stan Hoeppner <s...@hardwarefreak.com>:Noel Jones put forth on 12/6/2010 11:10 AM:If you decide that greylisting is right for you, postgrey is a popular choice -- it's flexible and reliable....See google for benefits and risks of using greylisting if you're not familiar with it.Interestingly, just a few days ago I decommissioned Postgrey on my MX along with some other A/S countermeasures. I did this after analyzing logs for some time. I ran Postgrey for about a year. It was stopping some spam at the beginning, although very little, but none for the last few months, and was simply slowing down some legit mail. This is not a reflection on Postgrey performance or reliability, but simply that my other A/S countermeasures are killing everything that can be killed before Postgrey gets a crack at it.How different the world is: Postgrey (Greylisting) saved as from using RBLs with aggressive policies, in fact we have ditched all RBLs beside some few very carefully choosen and let Postgrey do its job. Content Filter are not a option at all as silently loosing mail is much worse than spam.I agree. That's but one reason why I don't use content filters.For slowing down mail: You should have really used the auto-whitelist. With this we get around 1% mail which is actually delayed after some time.Postgrey's auto whitelist feature is on by default. In fact, you can't disable it. If you could, Postgrey would break, as it would never find a triplet.
Huh?? --auto-whitelist-clients=N whitelist host after first successful deliveryN is the minimal count of mails before a client is
whitelisted (turned on by default with value 5)
specify N=0 to disable.
We use --auto-whitelist-clients=1 with long initial delay and very
long max-age. With this nearly all of the mailserver we every speak
with are whitelisted. The other ones are (legal) advertisment which
can wait anyway.
I'm not going to delve into the reasons why greylisting sucks. We all already know them. Some of us can tolerate them, some can't. Some could for a while (me) and got fed up given the very low RIO here. Everyone's mileage varies. If you're having good results with Postgrey you should try the fqrdns.pcre file that I recommended in the thread you replied to. You'll likely see very quickly why greylisting is redundant while using that file.
Sorry, but we have customer operating on lines with very strange DNS settings if it even could be called so. I don't have the time to explain (r)DNS to some clueless remote. So in our case Greylisting is the minimal hassle solution cutting some ten thousands spams a day with zero FP.
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
