Greylisting -- Was: Anti Spam
bsilver at chrononomicon.com
Sun Apr 29 00:08:33 UTC 2007
On Apr 28, 2007, at 5:29 AM, Ted Mittelstaedt wrote:
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Christopher
>> Sent: Friday, April 27, 2007 2:45 PM
>> To: Ted Mittelstaedt
>> Cc: User Questions
>> Subject: Re: Greylisting -- Was: Anti Spam
>> Ted Mittelstaedt wrote:
>>>> When I scan my maillogs I find that 22% of the hosts that
>>>> generate a
>>>> greylisting entry retry the mail delivery and thus get
>>>> whitelisted. The
>>>> other 78% don't attempt redelivery within the greylisting window.
>>> That's probably par.
>>> However, the reason your putting so much faith in the delaying,
>> is simply
>>> that you aren't getting a lot of spam.
>>> I have published e-mail addresses. Without greylisting I got about
>>> 1500-2000 mail messages a day to each of them.
>> Greylisting isn't just about delaying. IIRC greylisting is
>> filtering for
>> spam/ham based on behaviour in the message originators MTA. My
>> greylister is using two behavioural assumptions:
>> Spamming MTA's don't have the capability to queue and retry
>> Asking them to queue and retry will cause them to drop the mail on
>> floor thus filtering spam.
>> Spamming MTA's don't like to be tarpitted. Stuttering at
>> them and
>> sizing the TCP Windows so they must wait will result in them
>> disconnecting before they can exchanged mail thus filtering spam.
> Both of those are assumptions your making that are just not true
> Spammers are adapting to greylisting. I've been running it for at
> least 2 years now and every month more and more spam is making it
> past the greylist and getting caught by spamassassin. As I mentioned
> previously, it does not take a lot of programming effort to do it.
Sure they're adapting. They're also adapting to Spamassassin. The
fact that it doesn't take a lot of programming effort isn't the
reason, though, since it doesn't take a lot of effort to NOT TOP POST
yet people continue to do so.
> When I first setup greylisting the results were literally spectacular.
> Nowadays they are great, but not much beyond that. All of the
> things your
> saying about greylisting decreasing the load and all that are true,
> just because it's not as effective as it once was doesen't mean you
> not use it. But, I am not blind to what my eyes are telling me. In
> aonther 5 years, greylisting will be like all other spamfilter
> techniques, effective only against a minority of spam
And yet there are still people, despite the problem spammers are
creating, who think that email is a vital and reliable service upon
which to hinge the success or failure of their business relations.
More information about the freebsd-questions