Am 29.07.2016 um 22:48 schrieb Dianne Skoll:
On Fri, 29 Jul 2016 22:39:15 +0200 Robert Schetterer <r...@sys4.de> wrote:I don't use postfix or postscreen.hm.. that does not fit the subject..why did you involved yourself ?I am sorry. I should have changed the thread subject.you may get that quite better, i see a lot of server greylisting useless ,only filling up others queues waiting for a second slot ,so it may only cheap for you but not for your partners Dont slow down communication if you dont need toSo what I didn't mention is that in our implementation, once an IP address successully passes greylisting, we no longer greylist it for the next 45 days. (It would probably be pointless... if an IP passes greylisting once, it probably will keep passing it.)
that's nothing special and postgrey does the same, the whole point of greylisting is that badly written bots don't try again (the same happens if they connect to a backup-MX responding with 4xx)
also it don't help for clients which *do not* pass like large senders with outbound clusters coming each time from a different IP
hence you skip greylisting based on DNSWL and spf-policyd because that big legit senders hit DNSWL or have a proper SPF while random bots of infected machines don't and this ones are your target for greylisting
signature.asc
Description: OpenPGP digital signature
