________________________________________
>From: Reindl Harald <h.rei...@thelounge.net>
>Sent: Monday, September 28, 2015 3:11 PM
>To: users@spamassassin.apache.org
>Subject: Re: Add "may be forged" minor rule?

>Am 28.09.2015 um 22:04 schrieb Amir Caspi:
>> On Sep 28, 2015, at 1:53 PM, John Hardin <jhar...@impsec.org> wrote:
>>
>> Is greylisting an acceptable option in your environment?
>>
> Probably not.  I've got some users who would not accept it.  I'm thinking
>of implementing it anyway, but right now, not a viable option

I thought the same thing so I eased it in with the sqlgrey discrimination
option.  My users never even knew I implemented it since I went live on
a Friday evening.  I filter for almost 100,000 mailboxes and zero complaints
from users, just a lot fewer reports of spam to our support mailbox.

You could use the discrimination to just start with those rare 4-letter
and longer TLDs and ease into it.

>depending on your MTA just order greylisting *after* SPF and DNSWL's
>we do the same for HELO/PTR policies with no delays / FP's
>yes, we are speaking here about the layer long before SA

This is the best thing you can do to block zero-hour and compromised
account spam before the sending IP becomes listed on enough RBLs
to actually get blocked.
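
The ordering discussed in this thread, sketched as an added example that is not part of the original messages and is not sqlgrey's own code: greylisting runs only after the SPF and DNSWL checks, and only for senders whose TLD has four or more letters. The class name, return strings, the 300-second delay, and the reading of "after SPF and DNSWL" as "SPF fail rejects, a DNSWL hit skips greylisting" are assumptions.

```python
import re

GREYLIST_DELAY = 300  # seconds a new triplet must wait (constructed value)
# Stand-in for a discrimination rule: sender domain ends in a TLD of 4+ letters.
LONG_TLD = re.compile(r"\.[a-z]{4,}$", re.IGNORECASE)


class SelectiveGreylist:
    """Hypothetical policy: greylist only 'discriminated' senders, after SPF/DNSWL."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # (client_ip, sender, recipient) -> time of first attempt

    def discriminated(self, sender):
        """True when the sender address matches the long-TLD rule."""
        domain = sender.rpartition("@")[2]
        return bool(LONG_TLD.search(domain))

    def decide(self, client_ip, sender, recipient, now, spf="none", dnswl=False):
        """Return 'reject', 'defer' or 'pass' for one delivery attempt."""
        # Checks that sit before greylisting in the restriction order.
        if spf == "fail":
            return "reject"
        if dnswl:
            return "pass"  # whitelisted client: never delayed
        # Everyone outside the discrimination rule is not greylisted at all.
        if not self.discriminated(sender):
            return "pass"
        # Classic triplet greylisting for the remaining senders.
        key = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "defer"  # temporary failure; a real MTA retries later
        return "pass"


if __name__ == "__main__":
    g = SelectiveGreylist()
    # Constructed attempts: (client_ip, sender, recipient, time, spf, dnswl)
    attempts = [
        ("192.0.2.10", "alice@example.com", "user@example.org", 0, "pass", False),
        ("198.51.100.7", "offer@promo.click", "user@example.org", 0, "none", False),
        ("198.51.100.7", "offer@promo.click", "user@example.org", 400, "none", False),
        ("203.0.113.5", "news@lists.info", "user@example.org", 0, "pass", True),
    ]
    for a in attempts:
        print(a[1], a[3], g.decide(a[0], a[1], a[2], a[3], spf=a[4], dnswl=a[5]))
```
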

