On 8/15/07, Wil Hatfield - HyperConX <[EMAIL PROTECTED]> wrote: > > > > This is the biggest problem with "fake" MX records for me. If your > > primary MX is not available, you will simply lose mail from some > > senders. It's entirely their "fault" for violating the RFCs but the > > mail is still lost, and it isn't easy to explain whats going on to > > your users/customers. Greylisting gives me about the same effect but > > it works with a bigger percentage of borken servers and I can easily > > exclude broken mailservers if needed. > > > > Aaron, so what greylisting techniques are working best for you? > > Wil Hatfield > >
I use SQLgrey (http://sqlgrey.sourceforge.net/) with a backend mysql server shared between all MX nodes. SQLgrey works very well and has many smart features beyond basic greylisting that help reduce problems. By sharing the database, you gain some coherence which SQLgrey takes advantage of well. I had tried some other greylisting daemons in the past and couldn't deal with the support load they created, but I've been very pleased with this setup for some months now. With a couple RBLs, greylisting, and the UCE checks built in to Postfix, I can drop about 80% of mail on a good day with very few complaints. For some domains it's much higher, I have a couple that I reject over 99% of their mail and they love it :) When I try to get more aggressive it generally increases support calls, so I let SA take care of the rest. -Aaron > >