On Thu, 2004-12-09 at 09:06, Ow Mun Heng wrote:
> >
> > No, greylisting is a completely different thing. Greylisting ensures that the
> > sending server is a proper MTA that retries when it sees a temporary failure
> > during a delivery attempt. Most spamware does not do this, hence greylisting
> > stops lots of spam. SURBL is looking at the message body after delivery and
> > scoring it as likely to be spam or not based on the URLs found there. Two
> > completely different things.
>
> In that case, in some cases, eg: if one runs their own mail-server,
> grey-listing seems to be a better option compared to spamassassin, even
> when using SURBL.
>
> Reason being, greylisting stops it at the MTA level, spamassassin only
> tracks it once it's already in the system.

Yes, you need to have control of the MTA receiving the messages to
implement greylisting.

I would say that greylisting complements spamassassin and vice versa.
Spamassassin is great at assigning a score to a message, as you indicate,
once it is on the system. Greylisting eliminates a large portion of spam
messages before they ever get on your system.

I initially implemented spamassassin, which after a few days of training
bayes and the addition of a few extra rule sets worked wonders. It tagged
virtually all spam coming into the system. However, the downside was that
someone still needed to review the spam bucket for false positives. In
addition, during severe spam storms the mail server would bog down trying
to process all those messages through spamassassin.

I then implemented greylisting, which at the time I figured would only
help a little. I was amazed to find that it actually blocked 90 to 99% of
the spam we were receiving. And because spamassassin did not have to
process all those messages, the system does not break a sweat anymore.

Running the combination of greylisting and spamassassin has provided
virtually 100% elimination of spam. And surprisingly, the maintenance of
both is minimal. A few scripts that are run take care of feeding bayes,
and the greylisting configuration has required minimal support once the
whitelist was populated with known associates.

I would recommend using both systems as they handle different aspects of
the spam problem. Plus it provides some depth to the defenses. If/when
the spammers start figuring out ways around greylisting, spamassassin is
there backing it up. But so far there has been little sign that the
spammers are bothering to work around the issue.

-- 
Scot L. Harris
webid@xxxxxxxxxx

To err is human, to forgive unusual.
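
The retry check and whitelist described in the message above, sketched as an added example (not code from the poster or from any greylisting package). Keying on the (client IP, envelope sender, envelope recipient) triplet, the timing constants, the reply texts and the sample traffic are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300          # assumed: seconds before a retry is accepted
PENDING_LIFETIME = 4 * 3600    # assumed: unretried triplets are forgotten after this
PASSED_LIFETIME = 36 * 86400   # assumed: triplets that passed stay trusted this long

@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)  # client IPs of known associates
    pending: dict = field(default_factory=dict)  # triplet -> first-seen time
    passed: dict = field(default_factory=dict)   # triplet -> last-accepted time

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply the receiving MTA gives at RCPT TO time."""
        if client_ip in self.whitelist:
            return "250 OK (whitelisted)"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(triplet)
        if last_ok is not None and now - last_ok <= PASSED_LIFETIME:
            self.passed[triplet] = now
            return "250 OK (known triplet)"
        first_seen = self.pending.get(triplet)
        if first_seen is None or now - first_seen > PENDING_LIFETIME:
            # New or expired triplet: temporary failure. A proper MTA queues
            # the message and retries; most spamware never comes back.
            self.pending[triplet] = now
            return "451 4.7.1 Greylisted, try again later"
        if now - first_seen < MIN_RETRY_DELAY:
            return "451 4.7.1 Greylisted, retry too soon"
        del self.pending[triplet]
        self.passed[triplet] = now
        return "250 OK (retry accepted)"

def replay(events, whitelist=()):
    """Feed constructed (time, ip, from, to) events through one Greylist."""
    gl = Greylist(whitelist=set(whitelist))
    return [gl.check(ip, frm, to, t)[:3] for t, ip, frm, to in events]

# Constructed sample traffic (documentation IP ranges, example.* domains).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "user@example.com"),  # real MTA, first try
    (5,    "203.0.113.7",  "x1@example.net",    "user@example.com"),  # fire-and-forget sender
    (60,   "192.0.2.10",   "alice@example.org", "user@example.com"),  # retry too early
    (900,  "192.0.2.10",   "alice@example.org", "user@example.com"),  # proper retry
    (950,  "198.51.100.5", "bob@example.org",   "user@example.com"),  # whitelisted associate
    (5000, "192.0.2.10",   "alice@example.org", "user@example.com"),  # later mail, no delay
]

if __name__ == "__main__":
    print(replay(SAMPLE, whitelist={"198.51.100.5"}))
```

Only messages that receive a 250 here would go on to content scoring, which is why the scoring load drops when both layers run together.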