[TriLUG] Another seal broken... thinking of installing a C/R anti-spam system

Tanner Lovelace clubjuggler at gmail.com
Sun Jan 28 00:31:08 EST 2007


On 1/27/07, Magnus <magnus at trilug.org> wrote:

> I've had mixed results with greylisting.  The problem is that some ISPs
> and corporations have a pool of outbound smtp servers that will retry
> from different hosts, so you may not get the same tuple on the retry and
> the mail is delayed again and again and again until it is eventually
> timed out.

Yes, you basically need to whitelist those servers.  When I run greylisting
I have a fairly extensive whitelist of the big servers like gmail, yahoo, aol,
etc...

Speaking of the effectiveness of greylisting, I have some interesting data.
I turned off greylisting on my server at the end of June.  Sometime in December,
faced with a mountain of spam, I turned it back on.  Here are the rrd graphs for
my mail server for the past year:

http://www.trilug.org/~lovelace/images/mail-sent-received-2006.png
http://www.trilug.org/~lovelace/images/mail-rej-bounce-vir-spam-2006.png

Note the slope of the first graph between those dates!

Now, note a couple of other things.  My server acts as backup MX for trilug.org.
So, I get a fair share of spam sent to {randomaddress}@trilug.org.  These
eventually get bounced, which is why the bounces are so high during that
period.  What amazes me, however, is how few bounces there are with greylisting
turned on.  Basically, it seems that the vast majority of misformed
e-mails are coming from bots that don't retry.

Lately, btw, I've been thinking of switching from straight, classic greylisting
to using policyd-weight to get a bit more options for rejecting e-mail.
Actually, doing some sort of combining of policyd-weight with greylisting
would probably be my preference.  While I extremely dislike rejecting
e-mail based solely on RBLs, I would like to consider greylisting e-mails
based on their RBL score.

Cheers,
Tanner

-- 
Tanner Lovelace
clubjuggler at gmail dot com
http://wtl.wayfarer.org/
(fieldless) In fess two roundels in pale, a billet fesswise and an
increscent, all sable.
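
Added example, not part of the original message: a small Python simulation of classic greylisting keyed on the (client IP, sender, recipient) tuple, showing the rotating-pool delay described in the thread, the whitelist workaround, and greylisting only clients above an RBL score. The class and function names, the 300-second delay, the numeric RBL score and its threshold are all assumptions made for illustration; the addresses are constructed sample data.

```python
import ipaddress

class Greylist:
    """In-memory greylist keyed on the (client IP, sender, recipient) tuple."""

    def __init__(self, delay=300, whitelist=(), rbl_threshold=None):
        self.delay = delay                  # seconds a new tuple must wait
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.rbl_threshold = rbl_threshold  # None: greylist every client
        self.first_seen = {}                # tuple -> time of first attempt

    def check(self, ip, sender, rcpt, now, rbl_score=0):
        """Return "accept" or "defer" (an SMTP 4xx temporary failure)."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return "accept"                 # known sender pool: skip greylisting
        if self.rbl_threshold is not None and rbl_score < self.rbl_threshold:
            return "accept"                 # clean RBL score: skip greylisting
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "defer"


def deliver(gl, pool, sender, rcpt, retries, interval=600, rbl_score=0):
    """Simulate a sender that retries every `interval` seconds, rotating
    through `pool`. Returns the accepted attempt number, or None."""
    for attempt in range(retries):
        ip = pool[attempt % len(pool)]
        verdict = gl.check(ip, sender, rcpt, attempt * interval, rbl_score)
        if verdict == "accept":
            return attempt + 1
    return None


# Constructed sample data (RFC 5737 documentation addresses).
POOL = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "203.0.113.5"]
MSG = ("alice@example.com", "bob@example.org")

if __name__ == "__main__":
    print("classic, 4-host pool:", deliver(Greylist(), POOL, *MSG, retries=4))
    print("classic, single host:", deliver(Greylist(), POOL[:1], *MSG, retries=4))
    wl = Greylist(whitelist=["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"])
    print("whitelisted pool:", deliver(wl, POOL, *MSG, retries=4))
    scored = Greylist(rbl_threshold=2)
    print("RBL score 0:", deliver(scored, POOL, *MSG, retries=4))
    print("RBL score 3, no retry:", deliver(scored, POOL[:1], *MSG, retries=1, rbl_score=3))
```

A legitimate sender retrying from four different hosts is never accepted within four attempts, while the same message from a single host passes on the second try.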
