[SA-exim] Greylisting Question
Jeff Clark
2006-09-13 15:35:34 UTC
Hi, just a quick question. I've got greylisting set up using sa-exim. I
was under the impression that if a mail comes in that scores below the
SAtempreject threshold, it gets automatically whitelisted. This doesn't
seem to be the case on my set up however. For example, I recently had a
mail that scored -2.xxx and I see the following in the appropriate directory
in /var/spool/sa-exim/tuplets:

Status: Greylisted
Last Message-Id: ***@xxxx.xxxx
Whitelisted Count: 0
Query Count: 1
SA Score: -2.16985

The mail didn't actually get temp rejected of course because the score was
below sa-exim's SAtempreject( 1 in my case) , but I would expect the status
in the above tuplet to be "Whitelisted".

Any idea what I might be doing wrong?

2006-09-15 14:20:56 UTC
Post by Jeff Clark
Hi, just a quick question. I've got greylisting set up using sa-exim. I
was under the impression that if a mail comes in that scores below the
SAtempreject threshold, it gets automatically whitelisted. This doesn't
seem to be the case on my set up however. For example, I recently had a
mail that scored -2.xxx and I see the following in the appropriate directory
Status: Greylisted
Whitelisted Count: 0
Query Count: 1
SA Score: -2.16985
The mail didn't actually get temp rejected of course because the score was
below sa-exim's SAtempreject( 1 in my case) , but I would expect the status
in the above tuplet to be "Whitelisted".
Ok, I see how you can get confused a bit, it's not what you expected.

So, first, as you say, the mail did get through, which was the idea.

The SA score does not influence whether a host gets whitelisted. It does
influence whether a mail gets accepted though, as you would ultimately
If the SA score is too high, however, greylisting is skipped, and that will
help the host not to get whitelisted next time.

If it's lower, setting the tuplet to whitelisted wouldn't really help
because you can't have the greylist module say that a host is whitelisted if
it's the first mail you got from there (otherwise, a low SA score would
further lower the score by pretending that the host was whitelisted).
As for the next mail from them, since now you have a tuplet for that source,
the next tuplet is likely to switch to whitelisted, generating the behaviour
we're looking for.

I know it's not super obvious, but ultimately whitelisting happens
independently from the score, so that whitelisting affects the score, but
the score doesn't affect whitelisting (otherwise you'd have have a feedback

"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/