Author: Ian FREISLICH Date: To: gascione CC: exim-users Subject: Re: [exim] Greylistd
gascione wrote: >
> We have started using greylistd for a week now and have seen a dramatic
> drop in accepted SPAM mail. About 95% at last count.
>
> We run a very different config from the default. We greylist for 2
> minutes, delete triplets that don't retry after 2 hours, and delete
> verified retries after 24 hours.
I think deleting untried triplets after 2 hours is a bit agressive
and I've seen zombies retry after 4 minutes. I've seen hosts not
retry for longer than 24 hours as well. These limits are fine for
a home email server, but I think they are inappropriate for a
production environment especially since your greylist doesn't feed
a whitelist.
As an example:
1. At home, I greylist for 15 minutes and delete and blacklist
non-retriers after 24 hours. Retriers get whitelisted, but HELO
morphers get re-greylisted. I'm tempted to increase the temporary
block from 15 minutes to between 30 and an hour for HELO morphers.
2. In our production environment, we greylist for 4 minutes and
remove greylisted entries after 24 hours. Retriers get whitelisted.
Be careful that your greylisting doesn't interfere with SAV callouts
because you will effectively greylist yourself.