Milter-greylist

Mart;
  My guess is that you arent in the United States. Here, a large number of  
cable companies that provide broadband do not allow outbound smtp traffic at 
all, for any reason. While your clients may be offended that they can not 
send from their own personal mailservers with dynamic ips, it honestly is a 
good idea to either blacklist or severely delay mail coming from dynamic 
address space. The rationale is simple. If you are a real mail server, then 
obviously you would want to get mail back, and you would never want to make 
it more difficult for people to send you mail than you would want for them to 
receive your mail. Given that dyndns takes some time to propogate across the 
internet, relying on dynamic addressing obviously makes failure rates on send 
to your mail server much much higher. I bet if you do careful forensics on 
your mail queue, you will find that legitimate mail from purported dynamic 
ips is actually just mail relaying directly off the server, ie sending mail 
directly to the destination, with the destination as the relay. There are 
multiple ways to handle this, from whitelisting tuples that have been 
smtp-authed, or in our backwards world way, using pop/imap to directly append 
to the greylist for a period of time. 
 
On Monday 11 September 2006 08:39 am, Mart Pirita wrote:
> Tere.
>
> > You have 70% legitimate senders from dynamic IP pools? What kind of
> > e-mail do you receive?
>
> All kind of normal emails.
>
> > People running on dymanic IP pools tend to use their ISP
> > SMTP server, which is not on a dynamic IP pool...
>
> Well, I can't tell to the clients to use legal smtp server. And by the
> way, almost every big ISP smpt (hotmail, google, yahoo etc) server is
> also atleast every day some time blacklisted. So ISP -s smtp server
> isn't the best solution also. But now the problems seems, that, some RBL
> servers blacklistes whole countries and subnets, note the actual ip
> addresses.