>> I've never had any
>> complaints about delivery speed, but some senders have broken mail
>> servers that don't retry on receiving a temporary failure.
>
> Many such servers use broken SMTP implementations that can't handle
> a 4xx code in response to RCPT properly.
>
> We greylist after the end of DATA. This wastes bandwidth, but lets us
> use the Subject: line as an additional mix in the greylisting tuple.
> This catches ratware that retries in the face of greylisting, but
> mutates the subject line with each retry.
>
> Also, once a given IP passes greylisting, we remember that and we don't
> greylist that server for 40 days. If you have a large-enough user population,
> this can greatly mitigate the problems caused by initial greylisting delays.

Every 60 seconds we look at all messages that arrived in the last 60 seconds. If their SpamAssassin score is less than 1 we add that server to a whitelist for 6 months. If it's already on the whitelist we update the last message time. If a message scores over 5 we remove it from the whitelist if it's on it. We do not greylist servers on the whitelist. Works very well. Even though we use greylisting, our users very rarely notice, if at all, due to this.
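
The score-driven whitelist described in the message above, sketched as an added example (not the poster's code). Assumptions: "6 months" is taken as 180 days counted from the last low-scoring message, the greylist tuple is the classic (IP, sender, recipient), and the 300-second retry delay and all names are hypothetical.

```python
from dataclasses import dataclass, field

WHITELIST_TTL = 180 * 86400   # "6 months", taken here as 180 days (assumption)
HAM_BELOW = 1.0               # a score under this adds or refreshes the server
SPAM_ABOVE = 5.0              # a score over this removes the server
GREYLIST_DELAY = 300          # assumed minimum retry delay; not stated in the thread


@dataclass
class ScoreDrivenGreylist:
    whitelist: dict = field(default_factory=dict)   # ip -> time of last low-scoring message
    first_seen: dict = field(default_factory=dict)  # greylist tuple -> time of first attempt

    def process_batch(self, batch):
        """Periodic pass over (ip, score, arrival_time) for the last interval."""
        for ip, score, ts in sorted(batch, key=lambda m: m[2]):
            if score < HAM_BELOW:
                self.whitelist[ip] = ts        # add, or update the last message time
            elif score > SPAM_ABOVE:
                self.whitelist.pop(ip, None)   # remove only if it is listed
            # scores between the two thresholds leave the whitelist untouched

    def is_whitelisted(self, ip, now):
        last = self.whitelist.get(ip)
        if last is None:
            return False
        if now - last > WHITELIST_TTL:         # aged out since the last good message
            del self.whitelist[ip]
            return False
        return True

    def decide(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one delivery attempt."""
        if self.is_whitelisted(ip, now):
            return "accept"                    # whitelisted servers skip greylisting
        key = (ip, sender, rcpt)               # classic tuple (assumption)
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= GREYLIST_DELAY else "tempfail"
```
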