On 8/31/06 6:19 AM, "W B Hacker" <[EMAIL PROTECTED]> wrote:
> Greylisting, BTW, is likely to more than double your connection load, (retry > may > be idioticlly rapid for zombies) - spawning child processes that may not go > all > the way through to the DATA phase, but will certainly consume resources. We run a monitor which, every 5 minutes, queries our greylisting database for /24 subnets which have sent "too many" messages "recently" deferred by greylisting. We (really, "I") look at those--manually, still; the idiotically rapid retriers among them stand out for their high blocked_attempts counts and are easy blacklisting decision--blacklisting keeps them out of greylisting processing. I don't see all that many. Much more often I'm late enough to the party that I see non-retrying zombies (which I blacklist mostly for record-keeping reasons). (Our blacklist database allows for either hosts or /24s--a dynamic IP with an infected machine leads to blacklisting the /24, of course.) --John -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
