[Mimedefang] Re: Justifying greylisting to management

David F. Skoll dfs at roaringpenguin.com
Sun Feb 26 21:15:16 EST 2006

Yizhar Hurwitz wrote:

> I have found that for some reason unknown yet, MS Exchange 2003 SP2 does
> not handle greylisting very well with default configuration,

I've never heard of that.  We use greylisting and have never had problems
receiving mail from MS Exchange users.

Now, there *are* some marginal SMTP servers that fail in the following

C: HELO myname.domain.com
S: 250 whatever
C: MAIL FROM:<foo at domain.com>
S: 250 2.1.0 go ahead
C: RCPT TO:<recipient at domain.com>
S: 451 4.7.1 greylisting; try in 2 minutes
S: 503 5.0.0 need RCPT!

(and client bounces message)

Notice that?  Some marginal clients attempt a DATA even if all RCPTs are
4xx'd.  Our solution is to greylist after the DATA phase (that is, at the ".")
While this wastes bandwidth, it does keep those marginal SMTP implementations
from failing.  It also lets us log subject lines of greylisted mail, and we
get lots of logs like this:

what=greylisted, relay=,
sender=blitzkriegii at crb-recovery.com, subject=Corel Draw

what=greylisted, relay=, sender=grimes_fa at is.lt,
subject=High quality watches

what=greylisted, relay=, sender=b.t_marksmh at danbbs.dk,
subject=Replica Watches

what=greylisted, relay=,
sender=jacobsonvn at zeelandnet.nl, subject=Replica Watches for Low

what=greylisted, relay=,
sender=katherinenix at airspeedway.com, subject=Adobe%2C Windows Under
$50%2C and many more from Office XP

what=greylisted, relay=,
sender=kristinapatelip at intekom.co.za, subject=Your woman wants a

what=greylisted, relay=, sender=wc_kendallgo at alltel.net,
subject=Trading Report For MicroCap

what=greylisted, relay=,
sender=homera_marksiq at delanet.com, subject=The Daily Stock Barometer

We block around 50% of all incoming mail just using greylisting.


More information about the MIMEDefang mailing list