On Fri, Mar 21, 2008 at 12:03:36AM -0600, Chad Leigh -- Shire.Net LLC said:
> On Mar 20, 2008, at 3:43 PM, Magnus Holmgren wrote:
> > Second, the primary MX should recognise its secondary MXes and not
> > greylist
> > them.
>
> Not in this case as that would allow the spammers to target the
> secondary and escape the greylist and since I cannot guarantee that SA
> will be the same "strictness" on each due to different learn
> databases, etc it opens up a hole. The SA configs started out the
> same on both but the user on the primary has whitelisted a bunch of
> people and the bayesian DBs are different.
Um, greylisting is only effective at stopping machines that don't queue
and retry. Using it purposefully against a machine you know does queue
and retry seems like a waste of time to me, and brings no benefit at all
in addition to whatever pain you cause yourself. Add greylisting on the
secondary if you want to make sure messages get greylisted, but don't
greylist the secondary - that's just counter productive.
--
--------------------------------------------------------------------------
| Stephen Gran | What we wish, that we readily believe. |
| steve@??? | -- Demosthenes |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------