This page presents some tricks to improve the effectiveness of greylite.
Greylite's algorithm renders greylisting nearly transparent because
after the first message from a mailserver, all subsequent messages
pass without delay. However, some large ISPs scatter the outgoing mail
traffic across thousand of sending servers. In this scenario any new
server needs to authenticate
, and moreover their re-trial
interval is usually further diluted by the ISP (to spare resources).
Yahoo! and Gmail are two such examples with a lot of MTAs. You may assume they are not spammers and disable greylisting when responding to them. This is convenient for gmail, whose re-trials can take up to several hours. To do so, include the following blocks in your tcprules file, before the :allow,GREYLIST="" line:
# gmail mtas block (from SPF): disable greylisting
216.239.32-63.:allow
64.233.160-191.:allow
66.249.80-95.:allow
72.14.192-255.:allow
209.85.128-255.:allow
66.102.0-63.:allow
74.125.:allow
# yahoo mtas block (induced): disable greylisting
66.196.127.:allow
66.196.97.:allow
68.142.202.:allow
68.142.236.70-254:allow
68.142.237.0-239:allow
206.190.36.:allow
206.190.53.:allow
206.190.59.:allow
209.191.119.:allow
209.191.88.:allow
216.39.53.:allow
216.252.108.:allow
217.12.10.:allow
217.146.177.:allow
217.146.182.:allow
This disables greylisting for the address blocks used by gmail an yahoo for MTAs.
A similar tcprules-ready list of whitelist-recommended addresses is maintained on this site. As a general practice, it is usually safe to whitelist known domains that provide SPF information. The simple fact of providing SPF means that the firm is endorsing responsability for its mail traffic.