From: "Ted Mittelstaedt"
To: "Christopher Hilton"
Cc: User Questions
Date: Sat, 28 Apr 2007 02:29:53 -0700
In-Reply-To: <46326ECD.8060604@vindaloo.com>
Subject: RE: Greylisting -- Was: Anti Spam

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Christopher
> Hilton
> Sent: Friday, April 27, 2007 2:45 PM
> To: Ted Mittelstaedt
> Cc: User Questions
> Subject: Re: Greylisting -- Was: Anti Spam
>
>
> Ted Mittelstaedt wrote:
>
> [snip]
>
> >> When I scan my maillogs I find that 22% of the hosts that generate a
> >> greylisting entry retry the mail delivery and thus get whitelisted. The
> >> other 78% don't attempt redelivery within the greylisting window.
> >
> > That's probably par.
> >
> > However, the reason you're putting so much faith in the delaying, is simply
> > that you aren't getting a lot of spam.
> >
> > I have published e-mail addresses. Without greylisting I got about
> > 1500-2000 mail messages a day to each of them.
> >
> >
>
> Greylisting isn't just about delaying. IIRC greylisting is filtering for
> spam/ham based on behaviour in the message originator's MTA. My
> greylister is using two behavioural assumptions:
>
>      Spamming MTA's don't have the capability to queue and retry mail.
> Asking them to queue and retry will cause them to drop the mail on the
> floor thus filtering spam.
>
>      Spamming MTA's don't like to be tarpitted. Stuttering at them and
> sizing the TCP Windows so they must wait will result in them
> disconnecting before they can exchange mail thus filtering spam.
>

Both of those are assumptions you're making that are just not true anymore.

Spammers are adapting to greylisting. I've been running it for at least
2 years now and every month more and more spam is making it past the
greylist and getting caught by SpamAssassin. As I mentioned previously, it
does not take a lot of programming effort to do it.

When I first set up greylisting the results were literally spectacular.
Nowadays they are great, but not much beyond that.

All of the things you're saying about greylisting decreasing the load and
all that are true, and just because it's not as effective as it once was
doesn't mean you should not use it. But, I am not blind to what my eyes are
telling me. In another 5 years, greylisting will be like all other
spamfilter techniques, effective only against a minority of spam.

Ted
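
Added example, not part of the original message and not the code of any greylisting package mentioned in the thread: a toy greylister showing the queue-and-retry assumption discussed above, and how a "share of hosts that got whitelisted" figure like the 22% quoted can be derived from delivery attempts. The delay values, the class and function names, and the sample attempts are all assumptions made for illustration.

```python
# Added illustration: a toy greylister, not the code of any real milter.
from dataclasses import dataclass, field

MIN_DELAY = 300        # assumed: seconds a new triplet must wait before a retry counts
MAX_WINDOW = 4 * 3600  # assumed: the retry must arrive within this window

@dataclass
class Greylister:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    whitelist: set = field(default_factory=set)     # triplets that retried correctly

    def check(self, now, client_ip, mail_from, rcpt_to):
        """Return 'accept' or 'defer' (a 4xx temporary failure) for one attempt."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.whitelist:
            return "accept"
        start = self.first_seen.get(triplet)
        if start is None or now - start > MAX_WINDOW:
            self.first_seen[triplet] = now  # new or expired entry: start the clock
            return "defer"
        if now - start < MIN_DELAY:
            return "defer"                  # retried too early, clock keeps running
        self.whitelist.add(triplet)         # sender queued and retried: let it through
        return "accept"

def retry_rate(attempts):
    """Replay (time, ip, from, to) attempts; return (verdicts, share of hosts whitelisted)."""
    gl = Greylister()
    verdicts = [gl.check(*a) for a in attempts]
    hosts = {a[1] for a in attempts}
    passed = {t[0] for t in gl.whitelist}
    return verdicts, len(passed) / len(hosts)

# Constructed sample attempts (documentation address ranges, made-up senders).
SAMPLE = [
    (0,   "192.0.2.10",   "list@example.org", "ted@example.net"),  # will retry later
    (10,  "198.51.100.7", "a@example.com",    "ted@example.net"),  # never retries
    (20,  "203.0.113.5",  "b@example.com",    "ted@example.net"),  # retries too early
    (30,  "203.0.113.9",  "c@example.com",    "ted@example.net"),  # never retries
    (60,  "203.0.113.5",  "b@example.com",    "ted@example.net"),
    (900, "192.0.2.10",   "list@example.org", "ted@example.net"),  # proper retry
]

if __name__ == "__main__":
    verdicts, rate = retry_rate(SAMPLE)
    print(verdicts, f"{rate:.0%} of hosts whitelisted")
```

The check only measures whether the sending host queues and retries, so it accepts any sender that does, which is why the filter's hit rate depends entirely on how senders behave.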