Re: [exim] Greylisting algorithms after end of DATA

Top Page
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] Greylisting algorithms after end of DATA
* on the Mon, Jan 22, 2007 at 07:53:20AM +0100, Renaud Allard wrote:

>> If a host passes greylisting, I don't bother applying it to any other
>> connection from that host regardless of the sender/recipient, as it's
>> already "proved" to retry. If a connection passes the greylisting, it's
>> remembered for 60 days. If it doesn't retry within 24 hours, it has
>> failed. All retries within the first 3 minutes since the initial attempt
>> are defered.
> Some hosts acts as gateways with NAT and mail relaying. The mail relay
> will probably retry each time. But infected windows zombies behind the
> gateway won't all the time. I find it pretty useful to greylist for each
> triplet (IP/from/to) as it has proven to block zombies behind gateways,
> and not the legitimate mails.


Interesting. I never considered that. I feel that's an edge case though
and implementing it that way would probably largely increase delays in
mail delivery, whilst only preventing a few spams getting through to my
other filters.

Mike