In the six months I have had this deployed here I didn't have a single
complaint about mails not arriving due to greylisting (and yes, my
users complain in such cases). Also, I do use the standard whitelist
that greylisting.org is linking to, which contains some servers that
have been configured by idiots that don't read the RFCs.

Most complaints I had (now that I think about it, all) were related
to the use of DNS block listing services, and these again were all due
to me using SORBS. In the end I dumped SORBS in favor of Spamhaus; the
result is looking much better now.

Greylisting also breaks mail that is automated. In many models if
there's not a human willing to resend cr@p back to permit their
connection the email is SOL. As such it's a practice ripe with
failures.
Greylisting relies on "The assumption is that since temporary
failures are built into the RFC specifications for e-mail delivery,
a legitimate server will attempt to connect again later on to
deliver the e-mail." Unfortunately that's not a valid assumption as
mail need not be queued in the SMTP model. Hence it's a very
dangerous practice. And the RFC actually doesn't require redelivery
attempts so it's a very erroneous assumption.
-----
Rene Schaetzl
IT Exorcist - Western Academy of Beijing
email@hidden
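
The behaviour argued over in this message, as an added sketch that is not part of the original post: a minimal triplet greylist run against a constructed queueing sender, a constructed fire-and-forget sender, and a whitelisted one. The delay value, the class and function names, and the addresses are assumptions for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300  # assumed: seconds before a retry of a new triplet is accepted

@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)  # client IPs exempt from greylisting
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        if ip in self.whitelist:
            return 250
        triplet = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        # Unknown triplet, or a retry that came too soon: temporary failure.
        # (Real implementations also expire entries; omitted here.)
        return 250 if now - first >= MIN_DELAY else 451

def delivered(gl, ip, sender, rcpt, attempt_times):
    """True if any attempt is accepted; the sender stops once one is."""
    return any(gl.check(ip, sender, rcpt, t) == 250 for t in attempt_times)

def demo():
    # Constructed senders using documentation address ranges.
    gl = Greylist(whitelist={"203.0.113.9"})
    return {
        "queueing_mta": delivered(gl, "192.0.2.10", "a@example.org", "u@example.net", [0, 900]),
        "one_shot": delivered(gl, "198.51.100.7", "cron@example.org", "u@example.net", [0]),
        "fast_retry_only": delivered(gl, "198.51.100.8", "b@example.org", "u@example.net", [0, 60]),
        "whitelisted_one_shot": delivered(gl, "203.0.113.9", "cron@example.com", "u@example.net", [0]),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'never accepted'}")
```

A sender that never retries, or retries only inside the delay window, is never accepted unless its address is on the whitelist.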