Author: W B Hacker Date: To: exim users Subject: Re: [exim] SMTP processing hangs during bayes sync
John W. Baxter wrote:
> On 8/31/06 6:19 AM, "W B Hacker" <wbh@???> wrote:
>
>
>>Greylisting, BTW, is likely to more than double your connection load, (retry
>>may
>>be idioticlly rapid for zombies) - spawning child processes that may not go
>>all
>>the way through to the DATA phase, but will certainly consume resources.
>
>
> We run a monitor which, every 5 minutes, queries our greylisting database
> for /24 subnets which have sent "too many" messages "recently" deferred by
> greylisting. We (really, "I") look at those--manually, still; the
> idiotically rapid retriers among them stand out for their high
> blocked_attempts counts and are easy blacklisting decision--blacklisting
> keeps them out of greylisting processing.
>
> I don't see all that many. Much more often I'm late enough to the party
> that I see non-retrying zombies (which I blacklist mostly for record-keeping
> reasons). (Our blacklist database allows for either hosts or /24s--a
> dynamic IP with an infected machine leads to blacklisting the /24, of
> course.)
>
> --John
>
>
>
Diff'rent strokes. One of the reason we decided not to use greylisting was that
Exims's other tools were so effective there was nothing left that needed to be
greylisted.
Take the dynamic IP's for example...
No *you* take them...
;-)
We do have to 'brownlist', for example, NetSol, who send from IP's with no DNS
entry, but even there, it is only for traffic from one domain.tld, and fewer
than a dozen usernames we allow in that domain.tld. The rest can whistle.