Author: Renaud Allard Date: To: Mike Cardwell CC: exim-users Subject: Re: [exim] Greylisting algorithms after end of DATA
Mike Cardwell wrote:
>
> If a host passes greylisting, I don't bother applying it to any other
> connection from that host regardless of the sender/recipient, as it's
> already "proved" to retry. If a connection passes the greylisting, it's
> remembered for 60 days. If it doesn't retry within 24 hours, it has
> failed. All retries within the first 3 minutes since the initial attempt
> are defered.
Some hosts acts as gateways with NAT and mail relaying. The mail relay
will probably retry each time. But infected windows zombies behind the
gateway won't all the time. I find it pretty useful to greylist for each
triplet (IP/from/to) as it has proven to block zombies behind gateways,
and not the legitimate mails.