Date: Sat, 28 Apr 2007 20:05:16 -0400 From: Bart Silverstrim <bsilver@chrononomicon.com> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: Christopher Hilton <chris@vindaloo.com>, User Questions <freebsd-questions@freebsd.org> Subject: Re: Greylisting -- Was: Anti Spam Message-ID: <EEAE7D29-8176-4D0A-BFE1-F6CBFBAD805E@chrononomicon.com> In-Reply-To: <BMEDLGAENEKCJFGODFOCCEAGCAAA.tedm@toybox.placo.com> References: <BMEDLGAENEKCJFGODFOCCEAGCAAA.tedm@toybox.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 28, 2007, at 5:29 AM, Ted Mittelstaedt wrote: > > >> -----Original Message----- >> From: owner-freebsd-questions@freebsd.org >> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Christopher >> Hilton >> Sent: Friday, April 27, 2007 2:45 PM >> To: Ted Mittelstaedt >> Cc: User Questions >> Subject: Re: Greylisting -- Was: Anti Spam >> >> >> Ted Mittelstaedt wrote: >> >> [snip] >> >>>> When I scan my maillogs I find that 22% of the hosts that >>>> generate a >>>> greylisting entry retry the mail delivery and thus get >>>> whitelisted. The >>>> other 78% don't attempt redelivery within the greylisting window. >>> >>> That's probably par. >>> >>> However, the reason your putting so much faith in the delaying, >> is simply >>> that you aren't getting a lot of spam. >>> >>> I have published e-mail addresses. Without greylisting I got about >>> 1500-2000 mail messages a day to each of them. >>> >>> >> >> Greylisting isn't just about delaying. IIRC greylisting is >> filtering for >> spam/ham based on behaviour in the message originators MTA. My >> greylister is using two behavioural assumptions: >> >> Spamming MTA's don't have the capability to queue and retry >> mail. >> Asking them to queue and retry will cause them to drop the mail on >> the >> floor thus filtering spam. >> >> Spamming MTA's don't like to be tarpitted. Stuttering at >> them and >> sizing the TCP Windows so they must wait will result in them >> disconnecting before they can exchanged mail thus filtering spam. >> > > Both of those are assumptions your making that are just not true > anymore. > Spammers are adapting to greylisting. I've been running it for at > least 2 years now and every month more and more spam is making it > past the greylist and getting caught by spamassassin. As I mentioned > previously, it does not take a lot of programming effort to do it. Sure they're adapting. They're also adapting to Spamassassin. The fact that it doesn't take a lot of programming effort isn't the reason, though, since it doesn't take a lot of effort to NOT TOP POST yet people continue to do so. > When I first setup greylisting the results were literally spectacular. > Nowadays they are great, but not much beyond that. All of the > things your > saying about greylisting decreasing the load and all that are true, > and > just because it's not as effective as it once was doesen't mean you > should > not use it. But, I am not blind to what my eyes are telling me. In > aonther 5 years, greylisting will be like all other spamfilter > techniques, effective only against a minority of spam And yet there are still people, despite the problem spammers are creating, who think that email is a vital and reliable service upon which to hinge the success or failure of their business relations.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EEAE7D29-8176-4D0A-BFE1-F6CBFBAD805E>