[Mimedefang] Greylisting

Charles cg-list at sterlingideas.com
Thu Dec 15 10:05:48 EST 2005

Brian Leyton wrote:
> I think it might require a bit of prep work to make this a bit less
> noticeable.  The recommendation of building a whitelist ahead of time looks
> like a very good idea, particularly for the main companies that we
> correspond with.  How would you recommend going about this?  I'm thinking
> that if I parse my logs for a week or two, I could come up with a list of IP
> addresses for various servers we'd want to whitelist - would you list just
> that server, or the whole /24?

Actually, you may just be able to use the greylist code.  In my case, I 
put the greylist code into production but commented out the actual 
tempfail call.  I let it run like that for about 2 weeks, during which 
time it is building up entries in mysql.  After the two weeks, I put the 
tempfail call into place, but all of my customer's main email partners 
had already cleared the greylist during the 2 weeks.  This won't produce 
a true whitelist, but it will dramatically reduce the impact when you 
turn greylisting on.


More information about the MIMEDefang mailing list