Greylisting -- Was: Anti Spam

Christopher Sean Hilton chris at
Thu Apr 26 16:04:54 UTC 2007

Ted Mittelstaedt wrote:


>> Greylisting works because many, and I'd like to say most, spam programs
>> never retry message delivery.
> Actually, no.  Greylisting works because it delays the spam injector
> long enough that the injector will get blacklisted by the time that the
> greylist opens the door for the mail to come in.  Greylisting alone
> by itself is getting less and less effective every day.  Spammers are now
> starting to setup spam injectors to retry.  If you think about it, it is
> very easy to program.  Simply create a list of victims, iterate through
> the list once, deleting all the victims that accept, then wait several
> hours and iterate through the list again.  It didn't take a rocket scientist
> to figure that one out.
> Since SA has a lot of the major blacklist servers as score-feeders, the
> spam that gets past the greylist just gets tagged by SA.

When I scan my maillogs I find that 22% of the hosts that generate a 
greylisting entry retry the mail delivery and thus get whitelisted. The 
other 78% don't attempt redelivery within the greylisting window. The 
reason that I'm using greylisting is to reduce the load on SA so I can 
continue to use spam bayes. Quite honestly spam bayes is either the most 
or second most effective spam filtering technique that I'm using but its 
a CPU hog.

If I had to rank the effectiveness of the filtering that I'm doing I 
would say that greylisting is probably the most effective. I'm using 
spamd with tarpitting and that alone is responsible for filtering 90% of 
my spam. Spam bayes is probably second but I haven't counted the number 
of messages that are getting filed as spam based on the bayes classifier.

Some numbers from crunching my combined maillogs (primary and secondary 
mx) from Apr 24th 20:00:00 ~ Apr 25th 20:00:00.

1566 hosts generated 1907 connections to my primary and secondary MXers.

155 hosts generated 192 greylisting entries on either one or both of my 

34 hosts attempted to retry mail generating 40 whitelist transactions on 
one or both of my mailservers.

-- Chris

       __o          "All I was doing was trying to get home from work."
     _`\<,_           -Rosa Parks
Christopher Sean Hilton                      chris | at |

                   pgp: f5:30:0a:54:e1:55:76:9b:1f:47:0b:07:e9:75:0e:14

More information about the freebsd-questions mailing list