Greylisting
Jared Watkins
jared at watkins.net
Thu Jun 30 13:07:01 EDT 2005
Bill McGonigle wrote:
> Is anybody using Greylisting on their mailservers? It sounds like a
> great idea.
>
> Roughly:
>
> * incoming mail gets scanned for envelope sender, envelope
> recipient, sending IP
> * if it's the first time the tuple is seen it gives an SMTP
> 'temporary failure' error. The sending MTA retrys.
> * if it's been seen before it's accepted
>
> Reportedly, most mass-Spamming tools will just drop the attempt if
> it's not immediately successful. People are reporting 95% reductions
> of input to SpamAssassin, et. al. I'm not sure if it makes economic
> sense for spammers to deal with temporary errors. So this
> countermeasure has some arms-race problems, but perhaps fewer than
> most anti-spam techniques. Obviously a critical mass will push it
> over the edge at some point.
>
> http://projects.puremagic.com/greylisting/whitepaper.html
> http://isg.ee.ethz.ch/tools/postgrey/
I implemented GPS http://mimo.gn.apc.org/gps/ at my company about 6
months ago... and the decrease in spam and total processed messages has
been dramatic. Checking our graphs... I'd say we went from rejecting
around 25/min to maybe 3-5/min. There have been a few bumps...
occasionally the users will forget or get confused about it and think
there is a delivery problem... and rarely I see a 'real' email server
that does not handle the 450 soft errors correctly... but overall I'd
say it's been a success.
I have a cluster of mail relays... and afaikatt GPS is the only one out
there that uses a database for storage of the info... allowing multiple
systems to share the same lists in real time.
Jared
More information about the gnhlug-discuss
mailing list