Brian,
I have been running greylisting as part of postscreen since it came out, and was using greylisting before that upgrade became available in the FreeBSD port tree. The only MTA that I've had any issues with that required manual intervention was Google. For Google specifically I have to whitelist their IP space; however, Yahoo and others have been working fine.
The problem with Google is they have a policy of never retrying with the same IP, while most other providers have a small pool of outbound servers, so given a few messages you'll get all the outbound servers in your cache. This is where using learning mode with a large cache timeout pays off. It will pass traffic without enforcing greylisting, and will use those successes to populate the cache.
Will Gwin www.N5KH.org
On 10/10/17 6:26 PM, Brian Kantor wrote:
Will,
The problem is that the large email purveyors like AOL, Yahoo, Microsoft, etc., use large server farms that balance the load between multiple hosts, so when the mail retries it comes from different IP addresses on every retry. Microsoft, for example, lists thousands of IP addresses as part of their email service.
Greylisting by IP address hasn't got a chance of working in that environment.
Thanks
- Brian
On Tue, Oct 10, 2017 at 06:19:01PM -0500, Will Gwin wrote:
Brian,
Depending on the implementation you're using, you can tune the timers to hold valid hosts longer and enable learning without taking action for a while.
Will Gwin www.N5KH.org
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
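The behaviour discussed in this thread, as an added example that is not part of the original messages and is not postscreen's own logic: a generic IP-keyed greylist model run against a small rotating sender pool and against a sender that never retries from the same address (modelled as a pool too large to repeat). The timers, pool sizes and the 198.18.0.0/15 benchmarking addresses are constructed assumptions.

```python
import ipaddress
from itertools import count

# Constructed timers (seconds): min retry delay, cache lifetime, sender retry gap.
DELAY, TTL, RETRY, MAX_TRIES = 300, 36 * 86400, 600, 5

class Greylist:
    """IP-keyed greylist model: cache maps ip -> (first_seen, passed, last_seen)."""
    def __init__(self, learn_until=0, whitelist=()):
        self.cache = {}
        self.learn_until = learn_until      # before this time: pass and record
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]

    def check(self, ip, now):
        if any(ip in net for net in self.whitelist):
            return "pass"
        first, passed, last = self.cache.get(ip, (now, False, now))
        if now - last > TTL:                # stale entry: start over
            first, passed = now, False
        if now < self.learn_until or now - first >= DELAY:
            passed = True                   # learning-mode success or valid retry
        self.cache[ip] = (first, passed, now)
        return "pass" if passed else "defer"

def simulate(pool_size, messages, base="198.18.0.0", **gl_args):
    """Send hourly messages from a round-robin pool; return (delivered, deferrals)."""
    gl, start = Greylist(**gl_args), ipaddress.ip_address(base)
    attempt, delivered, deferrals = count(), 0, 0
    for m in range(messages):
        for t in range(MAX_TRIES):
            ip = start + next(attempt) % pool_size   # next outbound server
            if gl.check(ip, m * 3600 + t * RETRY) == "pass":
                delivered += 1
                break
            deferrals += 1
    return delivered, deferrals

if __name__ == "__main__":
    scenarios = {
        "small pool, enforcing": (4, {}),
        "small pool, 4h learning": (4, {"learn_until": 4 * 3600}),
        "never same IP, enforcing": (50000, {}),
        "never same IP, 4h learning": (50000, {"learn_until": 4 * 3600}),
        "never same IP, whitelisted": (50000, {"whitelist": ["198.18.0.0/15"]}),
    }
    for name, (pool, args) in scenarios.items():
        print(f"{name:28s} delivered/deferrals = {simulate(pool, 10, **args)}")
```

In this model the learning window removes the initial deferrals for the small pool, while the never-repeating sender is deferred again as soon as enforcement starts unless its address space is whitelisted.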