In our scenario sbl-xbl at the MTA plus SURBL blocks 80% of spam... If I add greylisting the result goes up to over 95%. I use Xwall spam filter.
I wish all SMTP servers were greylisting compliant - there are some interesting problems - bummer.
Is anyone else recommending or not recommending greylisting, and what are your experiences? Seems like surbl should get more effective over the years but right now it probably only stops 50% of our spam if used by itself.
Paul Schwarz
Stark Truss Company, Inc.
Senior Network Administrator
(330) 478-2100

-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Wednesday, December 01, 2004 4:14 AM
To: Paul Schwarz
Cc: 'SURBL Discussion list'
Subject: Re: [SURBL-Discuss] Hi I'm new and I like SURBL
On Tuesday, November 30, 2004, 6:02:53 AM, Paul Schwarz wrote:
sbl-xbl.spamhaus.org - reject at SMTP level
standard greylisting
SURBL - using multi.surbl.org
Hi Paul, sbl-xbl at the MTA plus SURBL use should be an effective combination. It's what I've been recommending to other folks. Preventing spams from even entering your network using spamhaus is quite safe, fast and smart.
Jeff C. -- "If it appears in hams, then don't list it."
Paul,
Is anyone else recommending or not recommending greylisting and what are your experiences. Seems like surbl should get more effective over the
Greylisting rocks, however I've been building a greylist whitelist to help get over the problem of various people who run non-compliant systems.
So with a good list of trusted netblocks not to greylist, it is even more effective. I've been sharing this with a few people, if you or anyone else is interested please mail me offlist.
Regards,
Joseph
On Monday, December 6, 2004, 8:54:09 PM, Joseph Burford wrote: (Paul Schwarz writes:)
Is anyone else recommending or not recommending greylisting and what are your experiences. Seems like surbl should get more effective over the
Greylisting rocks, however I've been building a greylist whitelist to help get over the problem of various people who run non-compliant systems.
So with a good list of trusted netblocks not to greylist, it is even more effective. I've been sharing this with a few people, if you or anyone else is interested please mail me offlist.
OK I think there may be some confusion about the term 'greylisting' here. Greylisting is one of those terms that can mean different things in different contexts. In this case, it looks like:
1. Paul may be referring to putting marginal spams into a separate mail folder or mailbox so that they can be checked manually for spamminess, then delivered or deleted. Perhaps Paul can clarify if that's what he meant.
2. Joseph means using blocklists based on 'grey' criteria, i.e. domains are mentioned in some legitimate mail and also some spams.
Jeff C. -- "If it appears in hams, then don't list it."
On Mon, 6 Dec 2004, Jeff Chan wrote:
On Monday, December 6, 2004, 8:54:09 PM, Joseph Burford wrote: (Paul Schwarz writes:)
Is anyone else recommending or not recommending greylisting and what are your experiences. Seems like surbl should get more effective over the
Greylisting rocks, however I've been building a greylist whitelist to help get over the problem of various people who run non-compliant systems.
So with a good list of trusted netblocks not to greylist, it is even more effective. I've been sharing this with a few people, if you or anyone else is interested please mail me offlist.
OK I think there may be some confusion about the term 'greylisting' here. Greylisting is one of those terms that can mean different things in different contexts. In this case, it looks like:
- Paul may be referring to putting marginal spams into a separate mail folder or mailbox so that they can be checked manually for spamminess, then delivered or deleted. Perhaps Paul can clarify if that's what he meant.
- Joseph means using blocklists based on 'grey' criteria, i.e. domains are mentioned in some legitimate mail and also some spams.
Jeff C.
Hmm, Jeff I think that you've overlooked a third definition for the term "greylisting".
What Joseph is probably referring to is a system such that all incoming SMTP connections are given a "TEMP-FAIL" status the first time they touch your system. The second time the remote system tries to hand your server the message, it will take the message and then do any additional processing (virus filtering, spam filtering, accepting & delivering, etc).
Well behaved mail servers will take the 'TEMP-FAIL' status as an indication to put the message back into the queue and retry later. Spam-bots will just drop the message and move onto the next victim. (that's the theory).
Such temp-fail greylisting takes very little resources on your server, just some kind of simple database to say "have we seen this message before?" (much less effort than RBLs, Spamassassin filtering, etc).
Some "legit" sites do not take the TEMP-FAIL message nicely, and have to be given a hand configured 'bypass' to that processing. Also as the whole process increases the delivery time, you probably want to 'bypass' known good sites. (cannot keep boss waiting for his wife's Hotmail ;).
For more info check out:
http://projects.puremagic.com/greylisting/
http://hcpnet.free.fr/milter-greylist/
http://www.milter.info/milter-gris/index.shtml
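The temp-fail greylisting described in the message above, with the bypass list for known good sites, as an added Python example that is not part of the original thread or of any of the linked projects. The class name, the (client IP, sender, recipient) key, the delay and window values, and the sample addresses are all assumptions made for illustration.

```python
import ipaddress


class Greylister:
    """Temp-fail decision keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, bypass_nets=(), min_delay=300, retry_window=4 * 3600):
        # All values here are assumptions chosen for the example.
        self.bypass = [ipaddress.ip_network(n) for n in bypass_nets]
        self.min_delay = min_delay        # seconds before a retry is accepted
        self.retry_window = retry_window  # seconds a pending entry stays valid
        self.first_seen = {}              # key -> time of first attempt
        self.passed = set()               # keys that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one delivery attempt at time `now`."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.bypass):
            return 250, "bypass"          # trusted netblock, never delayed
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "known"
        first = self.first_seen.get(key)
        if first is None or now - first > self.retry_window:
            self.first_seen[key] = now    # new or expired entry: start over
            return 451, "first-attempt"
        if now - first < self.min_delay:
            return 451, "retry-too-soon"
        self.passed.add(key)              # sender queued and retried properly
        del self.first_seen[key]
        return 250, "retried"


# Constructed sample traffic: (seconds, client IP, MAIL FROM, RCPT TO)
ATTEMPTS = [
    (0,   "203.0.113.9",  "a@example.org",    "paul@example.com"),
    (60,  "203.0.113.9",  "a@example.org",    "paul@example.com"),
    (900, "203.0.113.9",  "a@example.org",    "paul@example.com"),
    (905, "198.51.100.7", "bot@example.net",  "paul@example.com"),
    (910, "192.0.2.25",   "wife@example.net", "boss@example.com"),
]


def replay(attempts, greylister):
    """Feed the attempts through the greylister and collect its decisions."""
    return [greylister.check(ip, s, r, t) for t, ip, s, r in attempts]


if __name__ == "__main__":
    for row in replay(ATTEMPTS, Greylister(bypass_nets=["192.0.2.0/24"])):
        print(row)
```

The sender at 198.51.100.7 never comes back, so its message is never accepted, while the bypassed netblock is delivered without delay.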
on Mon, Dec 06, 2004 at 10:10:06PM -0800, Jeff Chan wrote:
On Monday, December 6, 2004, 8:54:09 PM, Joseph Burford wrote: (Paul Schwarz writes:)
Is anyone else recommending or not recommending greylisting and what are your experiences. Seems like surbl should get more effective over the
Greylisting rocks, however I've been building a greylist whitelist to help get over the problem of various people who run non-compliant systems.
So with a good list of trusted netblocks not to greylist, it is even more effective. I've been sharing this with a few people, if you or anyone else is interested please mail me offlist.
OK I think there may be some confusion about the term 'greylisting' here.
That's because greylisting means one thing - the use of 4xx delays to short-circuit spambots and ratware.
http://projects.puremagic.com/greylisting/
I use "offwhitelist" for "tainted" hosts/domains; it suggests both the whitelist aspect and the fact of its lack of shiny pure whiteness.