OT: milter-greylist before rbls?
Mike McMullen
mlm at loanprocessing.net
Sun Aug 21 13:47:28 UTC 2005
----- Original Message -----
From: "Paul Howarth" <paul at city-fan.org>
To: "For users of Fedora Core releases" <fedora-list at redhat.com>
Sent: Sunday, August 21, 2005 2:20 AM
Subject: Re: OT: milter-greylist before rbls?
>> Maybe I spoke too soon on this working. I added the delay_checks (actually uncommented it)
>> in the sendmail.mc file. I then ran make on it. Saw that sendmail.cf was indeed created. I then
>> restarted my MailScanner and saw greylisting happening first. However, I am still seeing
>> 553 reject messages. If I go back and grep through the maillog on the IP or server name
>> I don't see any greylisting entry.
>>
>> What am I missing here?
>
> The greylisting is presumably handling tuples of (sender, recipient,
> source-IP). So the milter can't do the TEMPFAIL until RCPT TO: time. The
> delay_checks feature also delays DNSBL checks until RCPT TO: time.
> However, since the DNSBL checks are configured directly into sendmail's
> configuration file, they're going to happen before the milter "sees" the
> recipient address.
>
> Just curious; why would you want this the other way around anyway?
>
> Paul.
> --
My impression of how greylisting works (in general) is that everything is rejected temporarily.
Those sites
that resend after X period of time are whitelisted for Y period of time. The resend should then
get the battery of tests I have set up after that; DNSBLs, MailScanner, ClamAV, SpamAssassin etc.
The reason I want greylisting to work first is to eliminate those zombie machines that attempt to
send zillions of emails. Typically they get a reject and just move on. That way load is cut down
on my system.
Thanks,
Mike
More information about the fedora-list
mailing list