Greylisting with multiple MX servers

Michael Mansour
Fri Apr 6 22:52:29 UTC 2007


I've been using dcc for many years and recently decided to enable the
greylisting functionality.

I must say this became confusing when I finally enabled it and got complaints
from clients saying people were sending them emails that were bouncing or
never being delivered.

My setup involves two MX servers (call them mail2 and mail3) running sendmail,

* handle all inbound mail for all domains

* have dcc, virus scanning, SA, etc on them

* once mail is scanned and found to be clean that email is passed to another
server (call it main1) which holds the user mailboxes

I use dccm (for sendmail milter) and dccifd (for SA scoring).

Both mail2 and mail3 have the same priority MX records, so either one of them
can be chosen when an smtp connection is made to them.

I noticed that when the "temporary greylist embargoed" message would come up
in the maillogs on say, mail2, sometimes the next connection for the same
message would go to the alternate MX server, mail3. When messages were
embargoed they literally were never released.

On each MX server I have a "localhost" greylist server running. I also 

After reading more dcc greylisting documentation, I realised that grey_flod
should be used to share checksums with both MX servers, but looking at the
grey_flod file for help in setting it up, well, I just don't know what to put
in there.

Then after reading more documentation, I started to think whether both MX's
need to run local greylist servers or do they need to be running from a
central greylist server?

If someone has a link on how to set this up properly for my type of
environment ie. two MX servers on the internet which forward to one backend
server holding mailboxes, I'd really appreciate it.



More information about the DCC mailing list

Contact by mail or use the form.