On Wed, 2004-12-08 at 12:03, David Cary Hart wrote:
> On Wed, 2004-12-08 at 11:56 -0500, Scot L. Harris wrote:
>
> > However, to keep from having to process all those spam messages you
> > should also implement greylisting. That alone will reduce spam by over
> > 90% and you won't have to process all those spam messages.
> > milter-greylist is a very good implementation that I have used with
> > sendmail. Easy to install and has been trouble free.
> >
> We did a paid study on the issue. The bottom line is that greylisting is
> great for reducing spam but may be HORRIBLE in a business environment.

The biggest problem that MIGHT occur is users expecting IM-type response
from email. And that is only an issue if the person you are
communicating with is not in your whitelist.

I have found that setting a 2 minute delay before a new ip/from/to tuple
is auto whitelisted works quite well. True, the actual retry period is
dependent on the sender's MTA, but most MTAs I have seen retry a message
within 10 minutes.

The only other issue is those that utilize large email server farms
where a message may get sent from different systems on each retry. So
far the list of those is relatively small and you can pre-populate the
ones that are known.

When this was implemented the company was about to chuck email
completely due to the overhead of sorting through all the spam.
Initially I implemented spamassassin, which worked great. But even that
required a fair amount of time to review those messages dumped to the
spam bucket just in case there was a false positive.

So far greylisting has worked wonders in this particular case. There
were times when the email server was almost completely overloaded during
particularly heavy spam storms. Since greylisting, the system has not
broken a sweat.

--
Scot L. Harris
webid@xxxxxxxxxx

Everything should be built top-down, except this time.
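
The greylisting decision described in the message above (2 minute delay per ip/from/to tuple, auto-whitelist on a valid retry, pre-populated server farms), as an added example that is not part of the original post and is not milter-greylist's code. The `Greylist` class, `replay` helper, addresses and networks are all constructed for illustration.

```python
import ipaddress

class Greylist:
    """Toy in-memory greylist keyed on the (ip, from, to) tuple."""

    def __init__(self, delay=120, farm_networks=()):
        self.delay = delay        # seconds before a new tuple may pass
        self.first_seen = {}      # tuple -> time of first attempt
        self.whitelist = set()    # tuples that retried after the delay
        # Pre-populated networks of known sending farms (constructed values).
        self.farms = [ipaddress.ip_network(n) for n in farm_networks]

    def check(self, ip, mail_from, rcpt_to, now):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.farms):
            return "ACCEPT"       # farm retries may come from any host in it
        key = (ip, mail_from.lower(), rcpt_to.lower())
        if key in self.whitelist:
            return "ACCEPT"
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            self.whitelist.add(key)   # auto-whitelist after a valid retry
            del self.first_seen[key]
            return "ACCEPT"
        return "TEMPFAIL"         # reply with an SMTP 4xx; real MTAs retry

def replay(greylist, events):
    """Run (time, ip, from, to) events through the greylist, in order."""
    return [greylist.check(ip, f, t, now) for now, ip, f, t in events]

# Constructed sample traffic: (seconds, client ip, envelope from, envelope to)
EVENTS = [
    (0,   "192.0.2.10",    "alice@example.org", "bob@example.com"),  # first try
    (0,   "203.0.113.5",   "spam@example.net",  "bob@example.com"),  # no retry
    (30,  "198.51.100.10", "news@example.net",  "bob@example.com"),  # farm host A
    (60,  "192.0.2.10",    "alice@example.org", "bob@example.com"),  # too early
    (600, "192.0.2.10",    "alice@example.org", "bob@example.com"),  # normal retry
    (630, "198.51.100.11", "news@example.net",  "bob@example.com"),  # farm host B
    (700, "192.0.2.10",    "alice@example.org", "bob@example.com"),  # whitelisted
]

if __name__ == "__main__":
    print(replay(Greylist(), EVENTS))
    print(replay(Greylist(farm_networks=["198.51.100.0/24"]), EVENTS))
```

Without the farm network listed, the retry from host B is treated as a new tuple and deferred again, which is the server-farm issue the message mentions.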