>> So I'm sure I understand, well-known mail servers should be whitelisted?
>
> No known mailer should ever hit your greylist. Think about it, what is the
> greylist food? It's not to stop Google or comcast sending you mail. You know
> those are legitimate mailers and they will retry, so what are you
> accomplishing?

That makes perfect sense.

> You use a greylist (though I recommend you don't) to try to stem the flow of
> botnets sending spam. They don't come back and retry, so greylisting is
> effective.

You don't recommend it for the reason you state below?

>> The deep protocol checks have eliminated most of the spam from my
>> inbox so I'd like to keep them in place.
>
> Yes, but the key up there is "per unique IP". So, let's say that google has
> 4,000 mail servers. You could potentially hit all of them. If you are a
> low-traffic site, you will be deferring google mail all the time, and that
> may not be good because let's say you need an email and it comes from machine
> 1, and is retried by machine 211 and then retried by machine 3855. And you
> defer it every time.
>
>>> Postfix 2.11 (currently in development snapshots) includes a
>>> wonderful feature to bypass postscreen tests for clients listed in
>>> dns whitelists, such as list.dnswl.org, greatly reducing unnecessary
>>> tests.
>
> And there was much rejoicing. \O/

If I understand correctly, this will completely eliminate the problem you
described above?

- Grant
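As an added illustration of the Postfix 2.11 bypass discussed above (this fragment is not from the thread or from the Postfix documentation), a main.cf excerpt in which list.dnswl.org replies carry a negative weight and a combined DNSBL score at or below postscreen_dnsbl_whitelist_threshold lets a client skip the remaining postscreen tests; the weights, thresholds and the choice of lists are assumptions to tune for your own site.

```ini
# Assumed, illustrative main.cf fragment for Postfix 2.11 postscreen.
# Positive weights for blocklists, negative weights for the dnswl.org allowlist.
# list.dnswl.org answers 127.0.<category>.<trust>; the last octet is the
# trust level, so higher trust earns a larger negative score (weights assumed).
postscreen_dnsbl_sites =
    zen.spamhaus.org*3
    list.dnswl.org=127.0.[0..255].1*-2
    list.dnswl.org=127.0.[0..255].[2..3]*-4

# Score >= 3: the client fails the DNSBL test and is rejected.
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce

# New in 2.11: score <= -1 lets the client skip the remaining postscreen
# tests, so each of a trusted mailer's many hosts is not held up in turn by
# the deep protocol checks. The default of 0 disables the bypass.
postscreen_dnsbl_whitelist_threshold = -1

# Deep protocol tests that stay on for everyone else.
postscreen_greet_action = enforce
postscreen_pipelining_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_bare_newline_enable = yes
```

Clients that pass are still subject to whatever greylisting policy the later smtpd stage applies; this fragment only affects the postscreen tests.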