John W. Baxter wrote: > On 8/31/06 6:19 AM, "W B Hacker" <[EMAIL PROTECTED]> wrote: > > >>Greylisting, BTW, is likely to more than double your connection load, (retry >>may >>be idioticlly rapid for zombies) - spawning child processes that may not go >>all >>the way through to the DATA phase, but will certainly consume resources. > > > We run a monitor which, every 5 minutes, queries our greylisting database > for /24 subnets which have sent "too many" messages "recently" deferred by > greylisting. We (really, "I") look at those--manually, still; the > idiotically rapid retriers among them stand out for their high > blocked_attempts counts and are easy blacklisting decision--blacklisting > keeps them out of greylisting processing. > > I don't see all that many. Much more often I'm late enough to the party > that I see non-retrying zombies (which I blacklist mostly for record-keeping > reasons). (Our blacklist database allows for either hosts or /24s--a > dynamic IP with an infected machine leads to blacklisting the /24, of > course.) > > --John > > >
Diff'rent strokes. One of the reason we decided not to use greylisting was that Exims's other tools were so effective there was nothing left that needed to be greylisted. Take the dynamic IP's for example... No *you* take them... ;-) We do have to 'brownlist', for example, NetSol, who send from IP's with no DNS entry, but even there, it is only for traffic from one domain.tld, and fewer than a dozen usernames we allow in that domain.tld. The rest can whistle. Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
