Greylisting -- Was: Anti Spam

[Bart Silverstrim]

On Apr 28, 2007, at 5:29 AM, Ted Mittelstaedt wrote:

>
>
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Christopher
>> Hilton
>> Sent: Friday, April 27, 2007 2:45 PM
>> To: Ted Mittelstaedt
>> Cc: User Questions
>> Subject: Re: Greylisting -- Was: Anti Spam
>>
>>
>> Ted Mittelstaedt wrote:
>>
>> [snip]
>>
>>>> When I scan my maillogs I find that 22% of the hosts that  
>>>> generate a
>>>> greylisting entry retry the mail delivery and thus get  
>>>> whitelisted. The
>>>> other 78% don't attempt redelivery within the greylisting window.
>>>
>>> That's probably par.
>>>
>>> However, the reason your putting so much faith in the delaying,
>> is simply
>>> that you aren't getting a lot of spam.
>>>
>>> I have published e-mail addresses.  Without greylisting I got about
>>> 1500-2000 mail messages a day to each of them.
>>>
>>>
>>
>> Greylisting isn't just about delaying. IIRC greylisting is  
>> filtering for
>> spam/ham based on behaviour in the message originators MTA. My
>> greylister is using two behavioural assumptions:
>>
>>       Spamming MTA's don't have the capability to queue and retry  
>> mail.
>> Asking them to queue and retry will cause them to drop the mail on  
>> the
>> floor thus filtering spam.
>>
>>       Spamming MTA's don't like to be tarpitted. Stuttering at  
>> them and
>> sizing the TCP Windows so they must wait will result in them
>> disconnecting before they can exchanged mail thus filtering spam.
>>
>
> Both of those are assumptions your making that are just not true  
> anymore.
> Spammers are adapting to greylisting.  I've been running it for at
> least 2 years now and every month more and more spam is making it
> past the greylist and getting caught by spamassassin.  As I mentioned
> previously, it does not take a lot of programming effort to do it.

Sure they're adapting. They're also adapting to Spamassassin.  The  
fact that it doesn't take a lot of programming effort isn't the  
reason, though, since it doesn't take a lot of effort to NOT TOP POST  
yet people continue to do so.

> When I first setup greylisting the results were literally spectacular.
> Nowadays they are great, but not much beyond that.  All of the  
> things your
> saying about greylisting decreasing the load and all that are true,  
> and
> just because it's not as effective as it once was doesen't mean you  
> should
> not use it.  But, I am not blind to what my eyes are telling me.  In
> aonther 5 years, greylisting will be like all other spamfilter
> techniques, effective only against a minority of spam

And yet there are still people, despite the problem spammers are  
creating, who think that email is a vital and reliable service upon  
which to hinge the success or failure of their business relations.