On Thu, 2005-02-03 at 15:49, David Hoffman wrote:
> I looked for any discussion lists about greylisting and haven't found
> any, so I thought I might try asking here.
>
> I'm considering adding greylisting to my postfix configuration, and
> some of the articles I have been reading about greylisting show that
> there can be any of several situations in which greylisting would not
> be a viable solution.
>
> In particular they mention issues with how some MTAs break something
> in the RFC that makes greylisting work, and how receiving mail from a
> site which uses multiple relay hosts (each with a different address)
> can also cause mail to not be delivered.
>
> So I thought I would ask on the list to see if anyone has done much
> with greylisting and found it to be good or bad.
>
> I do also use the DNSBL lists, and some of my accounts also use TMDA.
> What I am hoping for is that with greylisting, I can further reduce
> the amount of spam mail traffic.
>
> Thanks.
>

I implemented greylisting for a company that was getting between 3000 to 8000 spam messages a day. I originally implemented spamassassin for them which worked wonders. But I would see the email server occasionally come under heavy load when a flurry of spam would hit. Spamassassin can use a lot of resources at times. Also with spamassassin it still took someone's time to review the spam bucket to check for false positives. This was not much of an issue after about 4 weeks when the bayes database had a good sampling of spam and ham.

Anyway, I implemented greylisting and went from the 3000 to 8000 spam messages a day down to 3 or 10 a day. It worked better than I had even guessed.

In my setup I was using sendmail and chose to use milter-greylist.

http://groups.yahoo.com/group/milter-greylist/

I also looked at this greylisting option, believe this is the one that Evan Harris built. I think he was the one that came up with the greylisting idea.

http://lists.puremagic.com/cgi-bin/mailman/listinfo/greylist-users

Both mailing lists have moderate traffic.

I believe both solutions (I know milter-greylist does) have a whitelist option where non-compliant email servers can be listed or known associates so their email is not greylisted. This is also used for those services that have multiple relay hosts. Those are usually the larger ISPs and organizations so whitelisting their email servers is not a problem.

I know there are greylisting solutions for postfix but I have not used any of them.

I found that setting the delay period to as little as 2 minutes garnered all the benefits of greylisting. Most legit MTAs retried messages in the first 5 minutes. I gathered that from the log files. But understand that the delay you set is the time period that you will not take a message from the tuple (sender, recipient, IP address). The sending MTA controls the actual retry period and could back off for several hours depending on how it is configured. Proper use of the whitelist capabilities eliminates delays for legit traffic. You could even monitor the log file to identify known regular senders to add to the whitelist if you wanted but I did not find that necessary.

This has been running for about a year at that company and they have not seen an increase in spam rates. At the time that company was about to abandon email altogether. It had become more of a nuisance than it was worth.

I highly recommend implementation of greylisting.

-- 
Scot L. Harris
webid@xxxxxxxxxx

A lifetime isn't nearly long enough to figure out what it's all about.
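
Added example, not part of the original message and not milter-greylist's code: a simplified Python model of the greylisting decision described above, using the (sender, recipient, IP address) tuple, the 2-minute delay, and a whitelist for senders with multiple relay hosts. The class and function names, the addresses, and the attempt times are constructed for illustration; record expiry is left out.

```python
import ipaddress

class Greylist:
    """Simplified model of greylisting; not milter-greylist's implementation."""

    def __init__(self, delay=120, whitelist=()):
        self.delay = delay            # seconds a new triplet is refused (2 minutes)
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}          # triplet -> time of its first attempt
        self.passed = set()           # triplets that retried after the delay

    def check(self, sender, recipient, ip, now):
        """Return 'accept' or 'tempfail' (an SMTP 4xx, so a compliant MTA retries)."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return "accept"           # whitelisted relays are never delayed
        triplet = (sender, recipient, ip)
        if triplet in self.passed:
            return "accept"
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            self.passed.add(triplet)
            return "accept"
        return "tempfail"

# Constructed sample attempts: (seconds, sender, recipient, client IP).
ATTEMPTS = [
    (0,    "alice@example.org", "user@example.com", "192.0.2.10"),    # first try
    (60,   "alice@example.org", "user@example.com", "192.0.2.10"),    # retry too early
    (300,  "alice@example.org", "user@example.com", "192.0.2.10"),    # retry at 5 min
    (310,  "promo@example.net", "user@example.com", "203.0.113.5"),   # never retries
    (400,  "news@example.org",  "user@example.com", "198.51.100.1"),  # relay pool:
    (700,  "news@example.org",  "user@example.com", "198.51.100.2"),  # each retry comes
    (1000, "news@example.org",  "user@example.com", "198.51.100.3"),  # from a new IP
]

def replay(attempts, whitelist=()):
    """Run the attempts through a fresh greylist and return the verdicts in order."""
    gl = Greylist(whitelist=whitelist)
    return [gl.check(s, r, ip, t) for t, s, r, ip in attempts]

if __name__ == "__main__":
    for label, wl in (("no whitelist", ()), ("relay pool whitelisted", ("198.51.100.0/24",))):
        print(label)
        for (t, s, _, ip), verdict in zip(ATTEMPTS, replay(ATTEMPTS, wl)):
            print(f"  t={t:>4}s {s:<18} {ip:<13} {verdict}")
```

Without the whitelist, every retry from the relay pool forms a new tuple and is deferred again; with the pool's network whitelisted, those messages are accepted on the first attempt.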