dw> In particular, if a given host is found to _actually_ resubmit a
dw> mail after a temporary rejection, there's no point in _ever_ using
dw> greylisting with that host again. You _know_ it queues mail
That's correct, with a caveat. (We have several whitelist entries for
"marketing partner" sorts of undesirables who run real SMTP outbound
servers. Greylisting them just adds clutter and load and is
ultimately pretty pointless.)
You should wait at least a little while after the temporary rejection
before drawing this conclusion. There are some spambots (and, alas,
some legit SMTP servers) which will retry with essentially no delay.
I use a 5 minute delay here because it seems adequate (by my eyeball
inspection of the logs).
To come to the conclusion that a particular message is being
resubmitted, you have to see the message itself. Most greylisting
implementations act after RCPT. To know that the message is the same,
you'd have to act after DATA. Possible, of course, but not as simple,
and it's more costly. Most greylisting implementations act on the
triplet of (recipient, sender IP, sender). You could whitelist an IP
for all combinations after the first time (or after N times) it got a
"pass" in greylisting. The danger is probably small that you'll
whitelist it due to coincidence. This may be a good optimization for
VERP senders and the like.
--
bill-exim@??? (WJCarpenter) PGP 0x91865119
38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3
