Greylisting

Jared Watkins jared at watkins.net
Thu Jun 30 13:07:01 EDT 2005


Bill McGonigle wrote:

> Is anybody using Greylisting on their mailservers?  It sounds like a 
> great idea.
>
> Roughly:
>
>     * incoming mail gets scanned for envelope sender, envelope 
> recipient, sending IP
>     * if it's the first time the tuple is seen it gives an SMTP 
> 'temporary failure' error.  The sending MTA retrys.
>     * if it's been seen before it's accepted
>
> Reportedly, most mass-Spamming tools will just drop the attempt if 
> it's not immediately successful. People are reporting 95% reductions 
> of input to SpamAssassin, et. al.  I'm not sure if it makes economic 
> sense for spammers to deal with temporary errors.  So this 
> countermeasure has some arms-race problems, but perhaps fewer than 
> most anti-spam techniques.  Obviously a critical mass will push it 
> over the edge at some point.
>     
>   http://projects.puremagic.com/greylisting/whitepaper.html
>   http://isg.ee.ethz.ch/tools/postgrey/


I implemented GPS http://mimo.gn.apc.org/gps/ at my company about 6
months ago... and the decrease in spam and total processed messages has
been dramatic.  Checking our graphs... I'd say we went from rejecting
around 25/min to maybe 3-5/min.   There have been a few bumps...
occasionally the users will forget or get confused about it and think
there is a delivery problem... and rarely I see a 'real' email server
that does not handle the 450 soft errors correctly... but overall I'd
say it's been a success.

I have a cluster of mail relays... and afaikatt GPS is the only one out
there that uses a database for storage of the info... allowing multiple
systems to share the same lists in real time.

Jared




More information about the gnhlug-discuss mailing list