Greylisting -- Was: Anti Spam

Ted Mittelstaedt tedm at toybox.placo.com
Sat Apr 28 09:29:12 UTC 2007



> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Christopher
> Hilton
> Sent: Friday, April 27, 2007 2:45 PM
> To: Ted Mittelstaedt
> Cc: User Questions
> Subject: Re: Greylisting -- Was: Anti Spam
>
>
> Ted Mittelstaedt wrote:
>
> [snip]
>
> >> When I scan my maillogs I find that 22% of the hosts that generate a
> >> greylisting entry retry the mail delivery and thus get whitelisted. The
> >> other 78% don't attempt redelivery within the greylisting window.
> >
> > That's probably par.
> >
> > However, the reason you're putting so much faith in the delaying, is simply
> > that you aren't getting a lot of spam.
> >
> > I have published e-mail addresses.  Without greylisting I got about
> > 1500-2000 mail messages a day to each of them.
> >
> >
>
> Greylisting isn't just about delaying. IIRC greylisting is filtering for
> spam/ham based on behaviour in the message originator's MTA. My
> greylister is using two behavioural assumptions:
>
>       Spamming MTAs don't have the capability to queue and retry mail.
> Asking them to queue and retry will cause them to drop the mail on the
> floor thus filtering spam.
>
>       Spamming MTAs don't like to be tarpitted. Stuttering at them and
> sizing the TCP Windows so they must wait will result in them
> disconnecting before they can exchange mail thus filtering spam.
>

Both of those are assumptions you're making that are just not true anymore.
Spammers are adapting to greylisting.  I've been running it for at
least 2 years now and every month more and more spam is making it
past the greylist and getting caught by spamassassin.  As I mentioned
previously, it does not take a lot of programming effort to do it.

When I first set up greylisting the results were literally spectacular.
Nowadays they are great, but not much beyond that.  All of the things you're
saying about greylisting decreasing the load and all that are true, and
just because it's not as effective as it once was doesn't mean you should
not use it.  But, I am not blind to what my eyes are telling me.  In
another 5 years, greylisting will be like all other spamfilter
techniques, effective only against a minority of spam.

Ted
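
The retry mechanism both posters are discussing, as an added example that is not part of either message or of any greylisting package: a sender is tempfailed on first contact and whitelisted once it retries after a minimum delay, so the filter passes any sender that queues and retries, and the retry rate quoted from the maillogs is the share of hosts that do. Keying on the (client IP, sender, recipient) triplet, the `MIN_DELAY` and `MAX_WINDOW` values, and the sample attempts are constructed assumptions.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300        # assumed: seconds a new triplet must wait before a retry counts
MAX_WINDOW = 4 * 3600  # assumed: seconds after which an unretried triplet expires

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    whitelisted: set = field(default_factory=set)   # triplets that retried in the window

    def check(self, now, ip, sender, rcpt):
        """Return 'accept' or 'tempfail' (an SMTP 4xx reply) for one delivery attempt."""
        triplet = (ip, sender, rcpt)
        if triplet in self.whitelisted:
            return "accept"
        start = self.first_seen.get(triplet)
        if start is None or now - start > MAX_WINDOW:
            self.first_seen[triplet] = now  # new or expired entry: start the clock
            return "tempfail"
        if now - start < MIN_DELAY:
            return "tempfail"               # retried too quickly, keep deferring
        self.whitelisted.add(triplet)
        return "accept"

def retry_rate(attempts):
    """Fraction of greylisted hosts that retried and got whitelisted."""
    gl = Greylist()
    seen, passed = set(), set()
    for now, ip, sender, rcpt in sorted(attempts):
        seen.add(ip)
        if gl.check(now, ip, sender, rcpt) == "accept":
            passed.add(ip)
    return len(passed) / len(seen), gl

# Constructed attempts: (seconds, client IP, envelope sender, recipient)
ATTEMPTS = [
    (0,    "192.0.2.10",   "a@example.org", "u@example.net"),  # ordinary MTA
    (900,  "192.0.2.10",   "a@example.org", "u@example.net"),  # queued retry: accepted
    (10,   "198.51.100.7", "b@example.com", "u@example.net"),  # never retries
    (20,   "203.0.113.5",  "c@example.com", "u@example.net"),
    (40,   "203.0.113.5",  "c@example.com", "u@example.net"),  # retry inside MIN_DELAY
    (30,   "203.0.113.9",  "d@example.com", "u@example.net"),
    (1000, "203.0.113.9",  "d@example.com", "u@example.net"),  # bulk sender that queues
]

if __name__ == "__main__":
    rate, _ = retry_rate(ATTEMPTS)
    print(f"{rate:.0%} of greylisted hosts retried and were whitelisted")
```

The last two rows show why a content filter is still needed behind the greylist: a bulk sender that queues and retries is indistinguishable here from the ordinary MTA in the first two rows.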


