You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Scot L. Harris" <we...@cfl.rr.com> on 2004/07/08 22:22:00 UTC
greylisting whitelist
First, thanks for all the information regarding greylisting. You have
helped a tremendous amount.
I have implemented milter-greylist on my test system. It appears to
work as advertised.
The only issue that I ran into was the ownership on the
/var/milter-greylist directory. During install ownership was set to
root and it needed to be set to smmsp. Easily found and fixed.
I do have a question regarding the pre-populated whitelist entries in
the greylist.conf file. There were a number of addresses listed for
sites which had servers that had problems handling the temporary
refusal. I checked a number of them against current MX records in DNS
and found only a few of them seem to be valid.
Does anyone know if these entries are stale or if they are still valid?
--
Scot L. Harris
webid@cfl.rr.com
Albrecht's Law:
Social innovations tend to the level of minimum tolerable well-being.
Re: greylisting whitelist
Posted by Matt Kettler <mk...@evi-inc.com>.
At 04:55 PM 7/8/2004, Scot L. Harris wrote:
>How can someone determine the validity of this list then?
>
>I would assume that from time to time the outbound email servers
>would change IP addresses.
you could check SPF records, but if the domain in question doesn't publish
SPF records you are entirely out-of-luck in predicting their outbound MTA's.
Re: greylisting whitelist
Posted by "Scot L. Harris" <we...@cfl.rr.com>.
On Thu, 2004-07-08 at 16:40, Matt Kettler wrote:
> At 04:22 PM 7/8/2004, Scot L. Harris wrote:
> >I do have a question regarding the pre-populated whitelist entries in
> >the greylist.conf file. There were a number of addresses listed for
> >sites which had servers that had problems handling the temporary
> >refusal. I checked a number of them against current MX records in DNS
> >and found only a few of them seem to be valid.
>
> Why would they match the MX records??
>
> MX records list INBOUND mailservers, which don't have to be the same as
> your outbound ones.
>
> For high-volume organizations (which most of the greylist entries are) they
> are almost certainly not going to be the same for load distribution reasons.
I understand now. I should have thought of that.
How can someone determine the validity of this list then?
I would assume that from time to time the outbound email servers
would change IP addresses.
--
Scot L. Harris
webid@cfl.rr.com
As President I have to go vacuum my coin collection!
Re: greylisting whitelist
Posted by Matt Kettler <mk...@evi-inc.com>.
At 04:22 PM 7/8/2004, Scot L. Harris wrote:
>I do have a question regarding the pre-populated whitelist entries in
>the greylist.conf file. There were a number of addresses listed for
>sites which had servers that had problems handling the temporary
>refusal. I checked a number of them against current MX records in DNS
>and found only a few of them seem to be valid.
Why would they match the MX records??
MX records list INBOUND mailservers, which don't have to be the same as
your outbound ones.
For high-volume organizations (which most of the greylist entries are) they
are almost certainly not going to be the same for load distribution reasons.