On Mon, 6 Dec 2004, Jeff Chan wrote:
On Monday, December 6, 2004, 8:54:09 PM, Joseph Burford wrote: (Paul Schwarz writes:)
Is anyone else recommending or not recommending greylisting, and what are your experiences? Seems like surbl should get more effective over the
Greylisting rocks, however I've been building a greylist whitelist to help get over the problem of various people who run non-compliant systems.
So with a good list of trusted netblocks not to greylist, it is even more effective. I've been sharing this with a few people, if you or anyone else is interested please mail me offlist.
OK I think there may be some confusion about the term 'greylisting' here. Greylisting is one of those terms that can mean different things in different contexts. In this case, it looks like:
- Paul may be referring to putting marginal spams into a separate mail folder or mailbox so that they can be checked manually for spamminess, then delivered or deleted. Perhaps Paul can clarify if that's what he meant.
- Joseph means using blocklists based on 'grey' criteria, i.e. domains are mentioned in some legitimate mail and also some spams.
Jeff C.
Hmm, Jeff I think that you've overlooked a third definition for the term "greylisting".
What Joseph is probably referring to is a system such that all incoming SMTP connections are given a "TEMP-FAIL" status the first time they touch your system. The second time the remote system tries to hand your server the message, it will take the message and then do any additional processing (virus filtering, spam filtering, accepting & delivering, etc).
Well-behaved mail servers will take the 'TEMP-FAIL' status as an indication to put the message back into the queue and retry later. Spam-bots will just drop the message and move on to the next victim. (That's the theory.)
Such temp-fail greylisting takes very little resources on your server, just some kind of simple database to say "have we seen this message before?" (much less effort than RBLs, Spamassassin filtering, etc).
Some "legit" sites do not take the TEMP-FAIL message nicely, and have to be given a hand-configured 'bypass' to that processing. Also as the whole process increases the delivery time, you probably want to 'bypass' known good sites. (cannot keep boss waiting for his wife's Hotmail ;).
For more info check out:
http://projects.puremagic.com/greylisting/
http://hcpnet.free.fr/milter-greylist/
http://www.milter.info/milter-gris/index.shtml
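
The temp-fail greylisting described in the message above, as an added Python example that is not part of the original thread or of any of the linked projects. Keying the "have we seen this before?" database on the (client IP, sender, recipient) triplet, the minimum retry delay, the expiry age and the SMTP reply strings are assumptions; all addresses are constructed documentation values.

```python
import ipaddress
import time

TEMPFAIL = "451 4.7.1 greylisted, try again later"  # reply text is an assumption


class Greylist:
    """Decide, per delivery attempt, whether to temp-fail or accept."""

    def __init__(self, bypass_nets=(), min_delay=300, max_age=30 * 86400):
        # Hand-configured netblocks that skip greylisting entirely.
        self.bypass = [ipaddress.ip_network(n) for n in bypass_nets]
        self.min_delay = min_delay  # seconds a retry must wait (assumed policy)
        self.max_age = max_age      # forget triplets idle this long (assumed policy)
        self.seen = {}              # triplet -> (first_seen, last_seen)

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        now = time.time() if now is None else now
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.bypass):
            return "250 bypass"
        key = (str(ip), mail_from.lower(), rcpt_to.lower())
        entry = self.seen.get(key)
        if entry is None or now - entry[1] > self.max_age:
            # First contact (or record expired): remember it and temp-fail.
            self.seen[key] = (now, now)
            return TEMPFAIL
        first_seen, _ = entry
        if now - first_seen < self.min_delay:
            # Retried too quickly: keep temp-failing until the delay has passed.
            return TEMPFAIL
        self.seen[key] = (first_seen, now)
        return "250 ok"


def demo():
    """Constructed sequence: first try, early retry, proper retry, bypass, new sender."""
    g = Greylist(bypass_nets=["198.51.100.0/24"], min_delay=300)
    msg = ("192.0.2.10", "sender@example.org", "boss@example.com")
    return [
        g.check(*msg, now=1000),
        g.check(*msg, now=1060),
        g.check(*msg, now=1400),
        g.check("198.51.100.7", "wife@example.net", "boss@example.com", now=1000),
        g.check("192.0.2.10", "other@example.org", "boss@example.com", now=1400),
    ]


if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

A client that never retries leaves only a small record in `seen`, which is why the per-message cost stays low compared with content filtering.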