Date: Sat, 28 Apr 2007 02:29:53 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Christopher Hilton" <chris@vindaloo.com> Cc: User Questions <freebsd-questions@freebsd.org> Subject: RE: Greylisting -- Was: Anti Spam Message-ID: <BMEDLGAENEKCJFGODFOCCEAGCAAA.tedm@toybox.placo.com> In-Reply-To: <46326ECD.8060604@vindaloo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Christopher > Hilton > Sent: Friday, April 27, 2007 2:45 PM > To: Ted Mittelstaedt > Cc: User Questions > Subject: Re: Greylisting -- Was: Anti Spam > > > Ted Mittelstaedt wrote: > > [snip] > > >> When I scan my maillogs I find that 22% of the hosts that generate a > >> greylisting entry retry the mail delivery and thus get whitelisted. The > >> other 78% don't attempt redelivery within the greylisting window. > > > > That's probably par. > > > > However, the reason your putting so much faith in the delaying, > is simply > > that you aren't getting a lot of spam. > > > > I have published e-mail addresses. Without greylisting I got about > > 1500-2000 mail messages a day to each of them. > > > > > > Greylisting isn't just about delaying. IIRC greylisting is filtering for > spam/ham based on behaviour in the message originators MTA. My > greylister is using two behavioural assumptions: > > Spamming MTA's don't have the capability to queue and retry mail. > Asking them to queue and retry will cause them to drop the mail on the > floor thus filtering spam. > > Spamming MTA's don't like to be tarpitted. Stuttering at them and > sizing the TCP Windows so they must wait will result in them > disconnecting before they can exchanged mail thus filtering spam. > Both of those are assumptions your making that are just not true anymore. Spammers are adapting to greylisting. I've been running it for at least 2 years now and every month more and more spam is making it past the greylist and getting caught by spamassassin. As I mentioned previously, it does not take a lot of programming effort to do it. When I first setup greylisting the results were literally spectacular. Nowadays they are great, but not much beyond that. All of the things your saying about greylisting decreasing the load and all that are true, and just because it's not as effective as it once was doesen't mean you should not use it. But, I am not blind to what my eyes are telling me. In aonther 5 years, greylisting will be like all other spamfilter techniques, effective only against a minority of spam Ted
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BMEDLGAENEKCJFGODFOCCEAGCAAA.tedm>