> Currently, greylisting will only start accepting mail from one sender
> if it retries (for example) 15 or more minutes after the first
> attempt. And MTA's can take much longer before doing a second attempt
> on the same MX. With both MX's pointing to one machine (two IP's), we
> could instruct Greylisting to accept mails without delay if we have
> first seen an attempt on the primary IP, and now get one on the
> secondary. XMailserver has a *LOCALADDR-variable that will help with
> this.* If the information on that site is correct, then most MTA's
> would retry on the second MX almost instantly after trying on the
> first one. So there basically is hardly any delay.

If the primary MX is accepting connections and telling it to try again later, don't SMTAs try the primary again before sending to a secondary, hence the need for the RST packet in the firewall in the nolisting info? I might be totally wrong about that, but I was thinking the secondary was only used when the primary was unreachable or returning fatal errors?

Greylisting is working great for me, using it with SpamAssassin + OCR plugin + white and black lists + a few DNSRBLs and I rarely get spam anymore. One thing that helps is I have a Perl script that tails the maillog (created by the filter script) and watches for two email attempts from the same IP to the same rcpt email address but from different senders in any given 5 minute time frame and auto-blacklists them.

Indeed the delay in greylisting is the only thing I don't like about the setup (like password retrieval from a forum or something).

~darren
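
The log-watching rule described in the reply above, sketched as an added example; it is not the poster's Perl script and is written in Python. The tab-separated log layout, the sample lines, and the names `parse_line` and `find_offenders` are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # "any given 5 minute time frame" from the post

# Constructed sample log. Assumed layout: time<TAB>client IP<TAB>sender<TAB>rcpt.
SAMPLE_LOG = """\
2007-01-10 12:00:05\t192.0.2.10\talice@example.org\tbob@example.net
2007-01-10 12:01:00\t198.51.100.7\tx1@spam.example\tbob@example.net
2007-01-10 12:02:00\t192.0.2.10\talice@example.org\tbob@example.net
2007-01-10 12:03:30\t198.51.100.7\tx2@spam.example\tbob@example.net
2007-01-10 12:04:00\t203.0.113.5\tnews@example.com\tcarol@example.net
this line is truncated and must be skipped
2007-01-10 12:10:00\t203.0.113.5\tbilling@example.com\tcarol@example.net
2007-01-10 12:16:00\t192.0.2.10\talice@example.org\tbob@example.net
"""

def parse_line(line):
    """Return (timestamp, ip, sender, rcpt), or None for a malformed line."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[1], parts[2].lower(), parts[3].lower()

def find_offenders(lines, window=WINDOW):
    """Map each IP to the time it first hit the rule: same IP, same rcpt,
    a different sender, within the window. Lines must be in time order,
    as they are when tailing a log."""
    recent = defaultdict(deque)   # (ip, rcpt) -> deque of (timestamp, sender)
    blacklist = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, sender, rcpt = rec
        seen = recent[(ip, rcpt)]
        while seen and ts - seen[0][0] > window:   # expire old attempts
            seen.popleft()
        # A retry by the same sender is normal greylisting behaviour; only
        # a different sender for the same (ip, rcpt) pair triggers the rule.
        if ip not in blacklist and any(s != sender for _, s in seen):
            blacklist[ip] = ts
        seen.append((ts, sender))
    return blacklist

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"blacklist {ip} (rule hit at {when})")
```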
