> -----Original Message-----
>
> There are some big names that play badly with greylisting. They play
> badly with greet-pause, too. A problem I've seen with greylisting is the
> round-robin MTA pool. Each is told in turn to come back later and if the
> pool is large it can take a long time to cycle through all of them. You
> have to be careful how you screen the addresses.
>
> dp

The greylisting scheme I have implemented works at the DATA phase. It uses the sender IP address (top 24 bits only), the sender e-mail address and header date field to form the key for the message. Once a message has passed the greylist test the original sender IP address (full 32 bits) is placed in a whitelist. So, a particular server only needs to demonstrate once that it re-tries and will then be let through in future.

By using the top 24 bits of the IP address in the key I hope to cope with a message being re-tried by a different MTA. I have not encountered such a problem yet.

I have had a couple of instances where there was a problem because people had written their own code on web servers. They did not re-send the same message, but re-generated it when re-trying and so gave it a new date header. In both cases they modified their code when I explained the problem.

Phil.

--------------------
Phil Chambers
Postmaster
University of Exeter
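
A minimal sketch of the keying and whitelisting described in the message above, added here as an illustration; it is not Phil Chambers' code or part of the original thread. The `Greylist` class, the 300-second minimum retry delay, the choice to whitelist the address that delivers the passing retry, and all sample traffic are assumptions.

```python
import ipaddress

MIN_DELAY = 300  # seconds before a retry counts; assumed, the post gives no figure

class Greylist:
    def __init__(self):
        self.pending = {}       # key -> time of first attempt
        self.whitelist = set()  # full 32-bit addresses that have shown they retry

    @staticmethod
    def key(ip, sender, date_header):
        # Top 24 bits of the client address, sender address, Date header.
        net = ipaddress.ip_network(f"{ip}/24", strict=False).network_address
        return (str(net), sender.strip(), date_header.strip())

    def check(self, ip, sender, date_header, now):
        """Decision at the DATA phase: 'accept' or 'tempfail'."""
        ip = str(ipaddress.IPv4Address(ip))
        if ip in self.whitelist:
            return "accept"
        k = self.key(ip, sender, date_header)
        first = self.pending.setdefault(k, now)  # records a first sighting
        if now - first < MIN_DELAY:
            return "tempfail"
        del self.pending[k]
        self.whitelist.add(ip)  # assumption: the retrying address is whitelisted
        return "accept"

def demo():
    # Constructed sample traffic: documentation addresses, made-up senders.
    g = Greylist()
    d = "Mon, 01 Jan 2007 10:00:00 +0000"
    out = {}
    out["first"] = g.check("192.0.2.17", "a@example.org", d, 0)
    # Retry arrives from a different MTA in the same /24: same key, passes.
    out["retry_same_24"] = g.check("192.0.2.44", "a@example.org", d, 600)
    # Later mail from the whitelisted address skips the greylist entirely.
    out["later_mail"] = g.check("192.0.2.44", "b@example.org", "other date", 700)
    # Web script that regenerates the message: new Date header on every retry.
    out["regenerated"] = [
        g.check("198.51.100.9", "web@example.net",
                f"Mon, 01 Jan 2007 10:{m:02d}:00 +0000", m * 60)
        for m in (0, 10, 20)]
    # Round-robin pool member outside the original /24: key does not match.
    g.check("203.0.113.5", "c@example.com", d, 0)
    out["retry_other_24"] = g.check("198.51.100.77", "c@example.com", d, 600)
    out["whitelist"] = sorted(g.whitelist)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
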
