Help!

Debian Exim 4.63 / Greylisting
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> ISP RSS
Next:  [FWD] Re: Apache HTTPS POST limit?  
Author Message
Craig Schneider
External


Since: Apr 06, 2004
Posts: 7
PostPosted: Mon Jun 04, 2007 3:00 pm    Post subject: Debian Exim 4.63 / Greylisting
Archived from groups: linux>debian>isp (more info?)
Hi Debian ISP list

We have installed Exim 4.63 on our Debian Etch system, with greylisting.

The greylist config script put an entry in the begginning of the ACL
section and I was wondering if it would not perhaps be better after the
sender verfy? AFAIK sender verify's are less expensive checks, compared
to greylisting?

My thinking is to have the sender_verffy happening first. If the address
can be verified then it gets passed to greylistd else it gets dropped.

Any suggestions are welcome.

Thanks

c
Back to top
Ward Vandewege
External


Since: Jun 25, 2006
Posts: 6
PostPosted: Mon Jun 04, 2007 3:20 pm    Post subject: Re: Debian Exim 4.63 / Greylisting [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Craig,

On Mon, Jun 04, 2007 at 02:37:59PM +0200, Craig Schneider wrote:
> We have installed Exim 4.63 on our Debian Etch system, with greylisting.

Do you use greylistd or postgrey? I've found greylistd can't cope with
moderate load (couple hundred thousand connections/day), it will just die.
Postgrey + exim works just fine for loads well over 500K/connections/day.

> The greylist config script put an entry in the begginning of the ACL
> section and I was wondering if it would not perhaps be better after the
> sender verfy? AFAIK sender verify's are less expensive checks, compared
> to greylisting?

I do greylisting first, and then sender verification. The latter generates
extra traffic and generates load on other people's mailservers. Greylisting
is very lightweight and certainly a lot quicker than sender verification,
particularly if the remote mailserver is slow/far away/misconfigured.

> My thinking is to have the sender_verffy happening first. If the address
> can be verified then it gets passed to greylistd else it gets dropped.

I'd do it the other way around.

Thanks,
Ward.

--
Pong.be -( "Those who do not understand Unix are condemned to )-
Virtual hosting -( reinvent it, poorly." -- Henry Spencer )-
http://pong.be -( )-
GnuPG public key: http://gpg.dtype.org


--
To UNSUBSCRIBE, email to debian-isp-REQUEST DeleteThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster DeleteThis @lists.debian.org
Back to top
Craig Schneider
External


Since: Apr 06, 2004
Posts: 7
PostPosted: Mon Jun 04, 2007 3:40 pm    Post subject: RE: Debian Exim 4.63 / Greylisting [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Ward

Thanks for your feedback, much appreciated Smile

c

-----Original Message-----
From: Ward Vandewege [mailto:ward@pong.be]
Sent: 04 June 2007 03:18 PM
To: Craig Schneider
Cc: debian-isp.RemoveThis@lists.debian.org
Subject: Re: Debian Exim 4.63 / Greylisting

Hi Craig,

On Mon, Jun 04, 2007 at 02:37:59PM +0200, Craig Schneider wrote:
> We have installed Exim 4.63 on our Debian Etch system, with
greylisting.

Do you use greylistd or postgrey? I've found greylistd can't cope with
moderate load (couple hundred thousand connections/day), it will just
die.
Postgrey + exim works just fine for loads well over
500K/connections/day.

> The greylist config script put an entry in the begginning of the ACL
> section and I was wondering if it would not perhaps be better after
> the sender verfy? AFAIK sender verify's are less expensive checks,
> compared to greylisting?

I do greylisting first, and then sender verification. The latter
generates extra traffic and generates load on other people's
mailservers. Greylisting is very lightweight and certainly a lot quicker
than sender verification, particularly if the remote mailserver is
slow/far away/misconfigured.

> My thinking is to have the sender_verffy happening first. If the
> address can be verified then it gets passed to greylistd else it gets
dropped.

I'd do it the other way around.

Thanks,
Ward.

--
Pong.be -( "Those who do not understand Unix are condemned to
)-
Virtual hosting -( reinvent it, poorly." -- Henry Spencer
)-
http://pong.be -(
)-
GnuPG public key: http://gpg.dtype.org


--
To UNSUBSCRIBE, email to debian-isp-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster.RemoveThis@lists.debian.org
Back to top
wubante



Joined: Sep 18, 2007
Posts: 1
PostPosted: Wed Sep 19, 2007 11:26 am    Post subject: [Login to view extended thread Info.]
greylistd works great for me as well. 80% of the request never comes back second time. The slight problem is that mails take much longer to arrive. For those customers with no patients, i have to move them to a server with no greylist on. I don't know anybody got a solution for it.


---
ben
spark computinging
http://www.sparkcomputing.co.uk
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> ISP All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum