Greylisting -- Was: Anti Spam
chris at vindaloo.com
Wed Apr 25 22:24:51 UTC 2007
Just my $0.02. Have you considered adding greylisting. I find the
combination of greylisting and Spamassassin with the SA's bayes filter
completely handles my spam problem. On my primary MX I use spamd on
OpenBSD and on my secondary MX I use spamd on FreeBSD. As a very
informal method of measurement my Inbox.spam folder, held an average of
400 messages per day in October before I started using spamd. It
currently averages about 80 messages per day.
If you don't know about greylisting it works as follows. A greylister
monitors port 25 for inbound mail connections. When a server connects to
this port to exchange mail the greylister predetermines the response
based on whether or not this server has exchanged mail in the recent
past. If it has it's allowed to exchange mail again and the server's
timestamp is updated. If the server has not exchanged mail in the recent
past the greylister responds: "45x - I'm too busy to talk to you right
now. Please try to deliver this mail later". It then puts the server and
information about the mail being delivered onto a list. If the same
server tries the same message later it passes and the greylister
promotes the server onto it's list of okay mail servers (mail servers
that it has exchanged mail with in the recent past).
Greylisting works because many, and I'd like to say most, spam programs
never retry message delivery. The best thing about greylisting is that
combines well with filters like SA by reducing the amount of mail that
they have to see. In my case something like 80% of the mail that
Spamassassin used to process just never gets past the greylister today.
The downsides to greylisting is that it delays the first message from a
legitimate mailserver. In the most common case the incurred delay will
be between 30 minutes and an hour. This assumes that then sending mail
server retries queued mails every half hour or so. In an extreme case
the delay may be longer. If the mail sender has a cluster for delivering
outbound mails and that cluster features shared message storage and
several processing units to handle the smtp transfer then the greylister
will trap that message until the same server attempts redelivery. This
is a problem with mail coming from very large internet companies like
Google or AOL or very distributed corporations like General Electric,
Unilever or United Technologies.
Since you are in an ISP environment greylisting may not be something
that you can do. I was extremely surprised when a client told me that
the 1 hr delay in receiving mail from new and infrequent mail servers
was too much to pay to stop the spam coming into his mailbox. I don't
claim to know the political layer as much as I do the technical one.
__o "All I was doing was trying to get home from work."
_`\<,_ -Rosa Parks
Christopher Sean Hilton <chris | at | vindaloo.com>
pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
More information about the freebsd-questions