[TriLUG] Another seal not yet broken... using Greylisting
OlsonE at aosa.army.mil
OlsonE at aosa.army.mil
Mon Jan 29 10:42:12 EST 2007
You shouldn't see any issues with *.mil either. We're using digital signatures
/ require smart-card authentication to do just about anything on the network
(as I attach my digital sig) on this e-mail.
I know the DMA (Direct Marketing Assoc.) requires all of its members to use
"sender-id". This helps out somewhat as well ...especially when a dispute
comes about from one company spamming individuals. (I know this because I
worked for one of the larger Direct Marketing companies in the US not too long
ago).
@ the last company, we were also using Postini, which was flippin sweet. I
think with our volume licensing, it came to somewhere around $2 a user
...which is pennies when it compares to the amount of time lost fighting help
desk calls because some user just gave out their ebay or paypal account. For
the most part, we saw about a 99% reduction in spam, and when one did get
through, it was usually blocked within minutes. They also rely on their own
filtering, and users submitting "spam e-mails" into their pool ...which I can
only imagine has built a massive database for them.
I like the idea of requiring mail servers to "trust" each other -- but I don't
think this will be a viable solution ...as it would undoubtedly get abused.
-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On Behalf
Of Dave Sorenson
Sent: Monday, January 29, 2007 10:34 AM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] Another seal not yet broken... using Greylisting
I've got mine set to 30 seconds and the longest delay I've seen during testing
was about 5 minutes. I can say that I have not seen any problems with large
server farms (google, hotmail, yahoo, mindspring) dealing with the greylist.
Nor have I seen issues from my work, or the various state agency servers I get
mail from friends from. (I'm using the greylist-milter with Sendmail if that
matters.)
To borrow an old line ... You can have my greylist-milter when you pry it from
my cold dead server.. (apologies for the drama) ;-)
Dave
Douglas Ward wrote:
> I implemented greylist.pl in my environment (~25k messages per day)
> and found it to not work well. Many of the large isp's have multiple
> outgoing e-mail servers which results in the following scenario:
>
> Server 1 attempts to deliver from somebody at test.com and is greylisted.
> After defined pause Server 2 attempts to deliver from
> somebody at test.com and is greylisted again.
> After another defined pause Server 3 attempts to deliver from
> somebody at test.com and is greylisted again.
>
> I imagine this is three entries in the database file for future messages.
> The end user's message never delivers and they freak out. I know the
> answer is to probably whitelist these domains but I didn't have the
> time to keep up with it.
>
> Another issue that I ran across was even though I had set the greylist
> to accept after 30 seconds the sending server would wait much longer
> to try again (sometimes a half day or more).
>
> Do you see this behavior on your side? I would love to turn the rule
> back on but it caused too many interruptions. YMMV though. Thanks!
>
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ
: http://members.trilug.org/services_faq/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4983 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20070129/af07245e/attachment.bin>
More information about the TriLUG
mailing list