Greylisting -- Was: Anti Spam
Christopher Sean Hilton
chris at vindaloo.com
Thu Apr 26 16:04:54 UTC 2007
Ted Mittelstaedt wrote:
>> Greylisting works because many, and I'd like to say most, spam programs
>> never retry message delivery.
> Actually, no. Greylisting works because it delays the spam injector
> long enough that the injector will get blacklisted by the time that the
> greylist opens the door for the mail to come in. Greylisting alone
> by itself is getting less and less effective every day. Spammers are now
> starting to set up spam injectors to retry. If you think about it, it is
> very easy to program. Simply create a list of victims, iterate through
> the list once, deleting all the victims that accept, then wait several
> hours and iterate through the list again. It didn't take a rocket scientist
> to figure that one out.
> Since SA has a lot of the major blacklist servers as score-feeders, the
> spam that gets past the greylist just gets tagged by SA.
When I scan my maillogs I find that 22% of the hosts that generate a
greylisting entry retry the mail delivery and thus get whitelisted. The
other 78% don't attempt redelivery within the greylisting window. The
reason that I'm using greylisting is to reduce the load on SA so I can
continue to use spam bayes. Quite honestly spam bayes is either the most
or second most effective spam filtering technique that I'm using but it's
a CPU hog.
If I had to rank the effectiveness of the filtering that I'm doing I
would say that greylisting is probably the most effective. I'm using
spamd with tarpitting and that alone is responsible for filtering 90% of
my spam. Spam bayes is probably second but I haven't counted the number
of messages that are getting filed as spam based on the bayes classifier.
Some numbers from crunching my combined maillogs (primary and secondary
mx) from Apr 24th 20:00:00 ~ Apr 25th 20:00:00.
1566 hosts generated 1907 connections to my primary and secondary MXers.
155 hosts generated 192 greylisting entries on either one or both of my
34 hosts attempted to retry mail generating 40 whitelist transactions on
one or both of my mailservers.
__o "All I was doing was trying to get home from work."
_`\<,_ -Rosa Parks
Christopher Sean Hilton chris | at | vindaloo.com
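Added example, not part of the original message or of any project's code: one way to crunch combined primary and secondary MX logs into the per-host figures quoted above (connecting hosts, greylisted hosts, hosts that retried, and the retry rate). The log line layout, the sample lines, and the names greylist_stats, PATTERNS and SAMPLE_LOG are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample (not from the post); the line layout is an assumption
# modelled on spamd-style syslog output from a primary and a secondary MX.
SAMPLE_LOG = """\
Apr 24 20:01:12 mx1 spamd[411]: 192.0.2.10: connected (1/0)
Apr 24 20:01:25 mx1 spamd[411]: (GREY) 192.0.2.10: <a@example.net> -> <u@example.org>
Apr 24 20:03:40 mx1 spamd[411]: 198.51.100.7: connected (1/0)
Apr 24 20:03:52 mx1 spamd[411]: (GREY) 198.51.100.7: <b@example.net> -> <u@example.org>
Apr 24 20:04:10 mx2 spamd[388]: 198.51.100.7: connected (1/0)
Apr 24 20:04:21 mx2 spamd[388]: (GREY) 198.51.100.7: <b@example.net> -> <u@example.org>
Apr 24 20:09:05 mx2 spamd[388]: 203.0.113.5: connected (1/0)
Apr 24 20:09:17 mx2 spamd[388]: (GREY) 203.0.113.5: <c@example.net> -> <v@example.org>
Apr 24 20:15:30 mx1 spamd[411]: 192.0.2.44: connected (1/0)
Apr 24 20:15:41 mx1 spamd[411]: (GREY) 192.0.2.44: <d@example.net> -> <v@example.org>
Apr 24 20:20:00 mx1 spamd[411]: 203.0.113.99: connected (1/0)
Apr 24 20:41:02 mx1 spamd[411]: 192.0.2.10: connected (1/0)
Apr 24 20:41:15 mx1 spamd[411]: whitelisting 192.0.2.10 in /var/db/spamd
"""

PATTERNS = {  # stage name -> regex capturing the client address (assumed layout)
    "connect": re.compile(r"spamd\[\d+\]: (\S+): connected "),
    "grey": re.compile(r"spamd\[\d+\]: \(GREY\) (\S+): "),
    "white": re.compile(r"spamd\[\d+\]: whitelisting (\S+) in "),
}

def greylist_stats(log_text):
    """Count hosts and events per stage across the combined MX logs."""
    seen = {stage: Counter() for stage in PATTERNS}
    for line in log_text.splitlines():
        for stage, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                seen[stage][m.group(1)] += 1
                break
    greyed = set(seen["grey"])
    # A retry is a whitelisted host that also has a greylist entry in this window.
    retried = greyed & set(seen["white"])
    return {
        "hosts": len(seen["connect"]),
        "connections": sum(seen["connect"].values()),
        "grey_hosts": len(greyed),
        "grey_entries": sum(seen["grey"].values()),
        "retry_hosts": len(retried),
        "whitelist_events": sum(seen["white"][h] for h in retried),
        "retry_rate": len(retried) / len(greyed) if greyed else 0.0,
    }
```

Hosts are keyed by address across both MXes, so a sender that tries the primary and then the secondary counts once as a host but twice as greylist entries.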