On 27.11.2025 at 00:01:13, Kyrian (List) via mailop wrote:
> What's the consensus? In times where 2 factor authentication emails
> are frequently completely pointless trying to go through greylisting
> where they are delayed beyond their timeouts. But where spammers
> obviously still persist. Is it still worth trying to greylist, or
> rely on other methods instead? Is it the case where SMTP-time
> spam/virus scanning is a necessity and greylisting should be
> removed? How do other folks on the list balance out this conflict in
> their systems?

I still do greylisting, however I was running into similar problems with emails not arriving on time as you. After changing postgrey's default greylisting delay of 300 seconds (5 minutes) to 1 minute I have no problems anymore.

From what I see in my logs, there are many servers (especially from ESPs and similar specialized outgoing SMTP server farms) that retry only for a couple of minutes after they received the initial 4xx reject, then give up. Changing the delay to 1 minute seems to satisfy most of them.

Of course, there are still ones that retry from a different IP address each time, so chances are the mail never gets through, because on each attempt it will be again greylisted as "new". There are also some that don't retry at all (from my experience, GitHub (!) and WeTransfer (!) are the case). These must be exempted from greylisting. Some of them are already included in postgrey's default configuration, some of them must be added (in my case, besides the mentioned GitHub and WeTransfer, I had to add - among others - Amazon SES, as it wasn't in the default config, and it retries from a different IP address each time).

However, as there are very few cases when greylisting actually filters out some spambots (it still does, but much more rarely than in past times; most spambots are caught by DNSBLs before they reach the phase when they would be greylisted), I might consider removing it.

You may also consider using Postscreen "pre-greet" tests instead of greylisting. According to what many Postfix users report, they work better - but I haven't implemented this myself yet, so I can't say anything.

Of course these are only additional measures. You have to run a content scan (SpamAssassin or similar) anyway. But as content scan is "heavy", I think it still makes sense to use "lighter" filtering mechanisms (like DNSBLs or greylisting, or even manual blacklists) before proceeding to content scan.
--
Regards,
   Jaroslaw Rafa
   [email protected]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
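
Added example, not part of the message above and not postgrey's own code: a small simulation of triplet greylisting that compares the 300-second and 60-second delays discussed in the message against four sender behaviours. The exact-IP triplet key, the retry schedules, and all addresses are constructed assumptions for illustration.

```python
from collections import namedtuple

Attempt = namedtuple("Attempt", "t ip sender rcpt")  # t = seconds since first try

def greylist(attempts, delay):
    """Return the time (s) at which the message is first accepted, or None.

    Simplified model (assumption): the key is the exact (ip, sender, rcpt)
    triplet; an attempt passes once that triplet was first seen >= delay ago.
    Every earlier attempt gets a temporary 4xx rejection.
    """
    first_seen = {}
    for a in sorted(attempts):
        key = (a.ip, a.sender, a.rcpt)
        seen = first_seen.setdefault(key, a.t)
        if a.t - seen >= delay:
            return a.t
    return None

def schedule(sender, retry_times, ips):
    """Build attempts; ips are cycled, so a single IP means a fixed source."""
    return [Attempt(t, ips[i % len(ips)], sender, "user@example.org")
            for i, t in enumerate(retry_times)]

# Constructed sender behaviours (not taken from real logs).
SENDERS = {
    # Queues for a long time and retries from the same host.
    "classic-mta": schedule("a@example.com", [0, 300, 900, 1800], ["192.0.2.10"]),
    # Retries for only a few minutes, then gives up.
    "short-retry-esp": schedule("otp@example.net", [0, 60, 120, 240], ["198.51.100.5"]),
    # Every retry leaves from a different pool address.
    "rotating-pool": schedule("n@example.net", [0, 60, 120, 240],
                              ["203.0.113.1", "203.0.113.2",
                               "203.0.113.3", "203.0.113.4"]),
    # Never retries after the first 4xx.
    "no-retry": schedule("x@example.com", [0], ["192.0.2.77"]),
}

def compare(delays=(300, 60)):
    """Map sender name -> {delay: acceptance time or None}."""
    return {name: {d: greylist(att, d) for d in delays}
            for name, att in SENDERS.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:16} " + "  ".join(
            f"delay={d}s -> {'accepted at ' + str(t) + 's' if t is not None else 'never delivered'}"
            for d, t in result.items()))
```

Only the short-retry sender changes outcome when the delay drops to 60 seconds; the rotating-pool and no-retry senders fail at either setting, which is why they need an exemption rather than a shorter delay.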
