[Mimedefang] Re: Justifying greylisting to management

[David F. Skoll]

Yizhar Hurwitz wrote:

> I have found that for some reason unknown yet, MS Exchange 2003 SP2 does
> not handle greylisting very well with default configuration,

I've never heard of that.  We use greylisting and have never had problems
receiving mail from MS Exchange users.

Now, there *are* some marginal SMTP servers that fail in the following
scenario:

C: HELO myname.domain.com
S: 250 whatever
C: MAIL FROM:<foo at domain.com>
S: 250 2.1.0 go ahead
C: RCPT TO:<recipient at domain.com>
S: 451 4.7.1 greylisting; try in 2 minutes
C: DATA
S: 503 5.0.0 need RCPT!

(and client bounces message)

Notice that?  Some marginal clients attempt a DATA even if all RCPTs are
4xx'd.  Our solution is to greylist after the DATA phase (that is, at the ".")
While this wastes bandwidth, it does keep those marginal SMTP implementations
from failing.  It also lets us log subject lines of greylisted mail, and we
get lots of logs like this:

what=greylisted, relay=222.46.49.130,
sender=blitzkriegii at crb-recovery.com, subject=Corel Draw

what=greylisted, relay=59.1.51.100, sender=grimes_fa at is.lt,
subject=High quality watches

what=greylisted, relay=220.87.2.20, sender=b.t_marksmh at danbbs.dk,
subject=Replica Watches

what=greylisted, relay=222.79.144.204,
sender=jacobsonvn at zeelandnet.nl, subject=Replica Watches for Low
Prices

what=greylisted, relay=68.179.137.129,
sender=katherinenix at airspeedway.com, subject=Adobe%2C Windows Under
$50%2C and many more from Office XP

what=greylisted, relay=61.53.255.73,
sender=kristinapatelip at intekom.co.za, subject=Your woman wants a
replica

what=greylisted, relay=24.174.27.244, sender=wc_kendallgo at alltel.net,
subject=Trading Report For MicroCap

what=greylisted, relay=65.171.68.158,
sender=homera_marksiq at delanet.com, subject=The Daily Stock Barometer

We block around 50% of all incoming mail just using greylisting.

--
David.