Paul Johnson wrote:
On Monday June 6 2005 7:56 am, Jakob Hirsch wrote:
What's the usual minimum greylisting-delay, something like 5
minutes? I think that's a little long to keep the connection open
and the sending MTA may drop it meanwhile.
60 minutes is typical from what I've seen (it's the greylistd default
in Debian and likely elsewhere). MTAs typically don't even try to
keep connections open after they've sent or tried to send every
message it can for a particular MX until the next queue run.
My experience with greylisting spam is that a 15 second delay is
sufficient. I keep it at 12 minutes anyway because most emailers resend
at 15 minutes, but the bad spammers never resend. Usually the good
spammers resend in rapid succession so they always get in and they never
stop trying. I wrote a script that permanently greylists spammers from
domains like calmra and eresmas so these bastards have loads of mail in
their queues all the time -- make 'em use up their resources. And you
know as soon as I let up, they resend all of the crap from the queue.
BTW, I let through all of the null sender stuff. As a matter of fact, I
quarantine it and review it manually then release it. I get to see that
many users don't give half a flip about whether the email got there or
not. They keep sending to the same broken email address. So much for
callouts and lazy secretaries.
N.B. Good spammers are spammers that users signed up for or got on a
spammer's list because they signed up for everything else under the sun.
Bad spammers are those that use open relays and send me 35 emails in
rapid fire over and over and try to take out the server. SA takes care
of the good spammers. Greylisting takes care of the bad ones. We get a
lot more bad than good.
Craig Jackson
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
