Re: [Sqlgrey-users] Using SQLgrey in an ISP environment

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Josh Endries wrote the following on 12/14/04 17:40 :

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> I'm wondering if anyone out there uses sqlgrey (or any greylisting
> policies) in a large/ISP environment, and what success/problems
> they've had. I've been thinking about deploying sqlgrey (due to the
> feature of one backend and multiple nodes), but in my testing on my
> private server I found that the delays were often annoying and
> didn't seem to stop. Maybe I didn't set it up correctly or
> something... :/ I'll test it again sometime.

For one isolated user it takes a long time for auto-whitelist to kick in 
(especially SQLgrey's domain-based one) because the greylister can't 
learn from trafic to other users. You'll have a much better 
auto-whitelist usage in an ISP environment.

>
> Anyway, the main concern I have is that users will not see email
> immediately as most are accustomed to. Unfortunately this seems to
> be a greylisting downfall, not sqlgrey's, and I'm just curious if
> anyone has deployed this on a large scale and if they've run into
> problems or if people are complaining, etc., or any ideas on the
> matter. I realize it could be bad for businesses, but it's effect on
> spam is great. :)

The best way is to let the user decides if it wants to use greylisting 
(or even make them pay for it :-)).
I think you can already use postfix to selectively use greylisting, see 
the postfix online documentation, especially the chapter where it is 
configured to greylist only specific source domains.

I can add opt-in and opt-out support if needed. This could work like this :
- default : current behaviour,
- --opt-in : the RCPT TO: must be in a "optin" table for greylisting to 
be used,
- --opt-out : the RCPT TO: must *not* be in a "optout" table for 
greylisting to be used.

Caveat : IIRC the policy daemon is called *before* alias expansion. If 
you have mailing-lists and/or several aliases for the same users, you'll 
have to take this into consideration when populating optin or optout tables.

Then an ISP can launch sqlgrey in "optin" or "optout" mode and add to 
its web interfaces some configuration pages that will allow its users to 
subscribe to the service by adding/removing entries in the correct 
sqlgrey tables.

Best regards,

Lionel.