From: Dan Mahoney, System Admin
Date: 2007-01-18 16:45:31 -0500
Subject: Re: Enabling milter-gris for only a single domain?
On Thu, 18 Jan 2007, Mike Horwath wrote:
> On Fri, Jan 19, 2007 at 12:32:26AM +1100, Richard McLean wrote:
>> We have considered doing the same, but on the trial servers we
>> enabled greylisting on for all we were finding too many servers that
>> didn't play well with it (because they function poorly, not because
>> there's anything wrong with greylisting itself) that we had to
>> abandon doing it that way. Anthony, if it helps to know, I'm also
>> very interested in being able to implement milter-gris in the same
>> way as Dan.
> What servers don't play nicely?
I've heard reports of AOL and Ebay, for starters.
> I only use 10 second greylisting timeouts for reconnection.
I don't understand this. The timeout you use does not affect how often a
sending mail server will retry. There's nothing in the protocol (although
some milters specify it as the error message -- this is for humans, not
mail servers to read) that specifies allowing the receiver to specify a
On a fairly default BSD system sendmail runs as -bd -q30m, which means
even though you only reject for ten seconds, that email's not coming for
This is analogous (both in theory and in how often you'd be surprised it's
true) to taking a TEN MINUTE shower (with a note on your door) when you've
had to be home ALL DAY waiting for a repair person, because you don't
figure they'll show up in that ten minute period. You (the receiver) have
no real control over when they'll try again (if at all).
I've recently discovered http://hcpnet.free.fr/milter-greylist/ which has
(in my mind) a few advantages over milter-gris:
1) It lets you use DNSRBLs as one of the definitions for if you should
greylist, which means "sure, go ahead, use every high-collateral-damage
blacklist you like" (spews comes to mind).
2) It's actually in FreeBSD's ports (Snert's stuff isn't).
3) There are no complicated builds (I've found building Snert milters to be
a pain because of BerkeleyDB version conflicts which have forced me to
have to recompile my stock sendmail).
4) As above, it allows one to only greylist a few domains (I'm doing three
out of several hundred). It can also tailor that based on a regex.
It also claims the ability to check SPF as a feature. I don't understand
what this means, since SPF is not and never was intended to be a mail
accreditation system (like habeas or the other sender-guarantee systems).
However, there's at least one major disadvantage: The DB format it uses is
a flat text file, and it keeps its whole DB in main memory. This could
potentially make it a pig (hence my logic in only doing a few domains --
those which have been overrunning my spamd).
I may speak to the author about adding a link against BDB, although the
FAQ says he might be considering SQLITE.
"Little tramp sits in her room all day, sewing dolls! Children
misbehaving in the basement, and one in the walls, doing his business God
knows where! You children will be the death of me, *sniff*."
'Mommy', The People Under The Stairs
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
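
The following is an added illustration, not part of the original message or of either milter's code. It models a greylist keyed on a (client IP, sender, recipient) triplet and shows that the delay a message actually sees is set by the sender's retry schedule, not by the receiver's window. The triplet key, the addresses and the retry schedules are constructed assumptions.

```python
"""Greylisting model: receiver's window vs. sender's retry schedule (constructed example)."""


class Greylist:
    def __init__(self, window_s):
        self.window_s = window_s
        # (client_ip, mail_from, rcpt_to) -> time of the first attempt, in seconds
        self.first_seen = {}

    def check(self, triplet, now):
        """Return an SMTP-style reply code: 451 = temporary failure, 250 = accept."""
        first = self.first_seen.setdefault(triplet, now)
        return 250 if now - first >= self.window_s else 451


def queue_schedule(interval_s, attempts):
    """Attempt times for a sender retrying on a fixed queue-run interval (e.g. -q30m)."""
    return [i * interval_s for i in range(attempts)]


def delivery_delay(window_s, attempt_times_s):
    """Seconds until the message is accepted, or None if the sender gives up first."""
    greylist = Greylist(window_s)
    # Constructed triplet using documentation-reserved address and domains.
    triplet = ("192.0.2.10", "sender@example.org", "user@example.com")
    for t in attempt_times_s:
        if greylist.check(triplet, t) == 250:
            return t
    return None


if __name__ == "__main__":
    senders = {
        "queue run every 30 min": queue_schedule(30 * 60, 5),
        "queue run every 5 min": queue_schedule(5 * 60, 5),
        "never retries": [0],
    }
    for window in (10, 300, 3600):
        for name, schedule in senders.items():
            delay = delivery_delay(window, schedule)
            result = "never delivered" if delay is None else f"{delay}s"
            print(f"window={window:>4}s  {name:<24} -> {result}")
```

With a 10-second window the 30-minute sender is still delayed 1800 seconds, and a sender that never retries is lost whatever the window is.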