OT - Greylisting

Julian Field MailScanner at ecs.soton.ac.uk
Fri Aug 11 12:20:37 IST 2006



Jim Holland wrote:
> On Thu, 10 Aug 2006, Julian Field wrote:
>
>   
>> The solution to this that I have just deployed here is "greylisting". I
>> have set the delay time to 10 minutes, and the whitelist-remember time
>> to 32 days. No-one notices the 10 minutes delay on the first email in a
>> conversation, and 32 days means that the monthly email reminder messages
>> from mailing lists are whitelisted.
>>
>> My users are *really* fussy, and I ran a trial of greylisting for a week
>> with a few selected users who opted in to the trial. I purposely didn't
>> tell them what I was changing so I could run a proper blind test. Not
>> one of them noticed the 10 minute delay time. So I have just deployed it
>> out to all 2000 users I have, and there have been no complaints at all.
>>     
>
> I am puzzled to hear this, because the 10 minute delay time is set on your
> side - ie the delay time between connection attempts before your server
> will accept the connection.  However it doesn't take into consideration
> the problem of the delay that will occur on the sending side between
> delivery attempts.  Many systems will retry delivery only after a fairly
> long interval.  The default for sendmail is 30 minutes, but some busy
> systems will have a default of as long as 4 hours.  This means that in 
> practice I would expect the real delay to be far longer than 10 minutes 
> for many messages.
>
> Worse still, there are some systems that will treat a 451 error as a fatal
> error, and will not retry the mail.  I have found this with Yahoo and
> Gmail, for example.  (I was trying to force them to deliver to our
> secondary MX that has more bandwidth than we do because of their very
> annoying failure to implement the ESMTP "size" extension - meaning that we
> sometimes have to accept say 10 MB of traffic before we can then tell them
> that the message is too large.)
>   
There is a list of the known large sites that suffer this problem, you 
just put it in your greylist.conf file. The milter-greylist package 
comes with it already inserted for you.

http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.12

> Another concern is the impact that greylisting would have on the Internet 
> if its adoption became widespread - it would mean that all mail servers 
> would have to work twice as hard to deliver mail.  I do find the delivery 
> delays rather annoying as a sender of mail - seeing mail stuck in the mail 
> queue waiting for some possibly unknown period of time before it gets 
> accepted.
>   
I agree with you. But in practice no-one appears to notice. After all, 
how many people sit there tail-ing their outgoing mail logs?

> That said, I am sure that greylisting does make a big impact on spam for
> those that implement it.
>   
It certainly does.

I quite agree that there are various aspects of greylisting with which I 
am not entirely happy, but the advantages for my users outweigh them 
substantially. My management, who are not PHB's at all, agree with me. I 
am in the lucky position of having bosses who I respect :-)

>> It has got rid of the single-image stock adverts completely. :-)
>>     
>  
>   
>> Daniel Maher wrote:
>>     
>>> I've noticed that a lot of the image spam uses bitmap (.bmp) images.  Unfortunately, that SARE plugin appears to handle gif, png, and jpg images only.  Does anybody know of a plugin that will recognise bmp's as well?
>>>
>>> --
>>>   _
>>>  °v°  Daniel Maher
>>> /(_)\ Administrateur Système Unix
>>>  ^ ^  Unix System Administrator
>>>  
>>> Sentio aliquos togatos contra me conspirare.
>>>       
>>>> -----Original Message-----
>>>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>>>> bounces at lists.mailscanner.info] On Behalf Of Michele Neylon::
>>>> Blacknight.ie
>>>> Sent: August 7, 2006 9:53 AM
>>>> To: MailScanner discussion
>>>> Subject: Re: gOCR SpamAssassin plugin
>>>>
>>>> The one that Dallas posted on the SA users group seems to work well:
>>>>
>>>> http://www.rulesemporium.com/plugins.htm#imageinfo
>>>>
>>>> --
>>>> Mr Michele Neylon
>>>> Blacknight Solutions
>>>> Quality Business Hosting & Colocation
>>>> http://www.blacknight.ie/
>>>> Tel. 1850 927 280
>>>> Intl. +353 (0) 59  9183072
>>>> Direct Dial: +353 (0)59 9183090
>>>> Fax. +353 (0) 59  9164239
>> -- 
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> MailScanner customisation, or any advanced system administration help?
>> Contact me at Jules at MailScanner.biz
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>> Get your PCs and servers from Transtec.de, very well built and reliable!
>>
>
>   

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
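
An added example (not part of the original message, and not milter-greylist's code): a minimal triplet greylist model using the 10-minute delay and 32-day remember time quoted in the thread, showing that the delay a recipient actually sees is set by the sender's retry interval. The whitelisted network, the addresses, and the refresh-on-accept behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

DELAY = 10 * 60             # greylist delay from the thread: 10 minutes
REMEMBER = 32 * 24 * 3600   # whitelist-remember time from the thread: 32 days

@dataclass
class Greylist:
    # Constructed static whitelist (documentation range), standing in for a
    # maintained list of senders known not to retry after a 451.
    static_nets: list = field(default_factory=lambda: [ip_network("192.0.2.0/24")])
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> auto-whitelist expiry

    def check(self, now, ip, sender, rcpt):
        """Return the SMTP reply code for a delivery attempt at `now` (seconds)."""
        if any(ip_address(ip) in net for net in self.static_nets):
            return 250                        # statically whitelisted: never delayed
        key = (ip, sender.lower(), rcpt.lower())
        if self.passed.get(key, -1) >= now:
            self.passed[key] = now + REMEMBER  # assumption: each accepted mail refreshes
            return 250
        self.passed.pop(key, None)             # entry expired: greylist again
        first = self.first_seen.setdefault(key, now)
        if now - first >= DELAY:               # retry arrived after the delay elapsed
            del self.first_seen[key]
            self.passed[key] = now + REMEMBER
            return 250
        return 451                             # temporary failure: try again later

def observed_delay(gl, ip, sender, rcpt, retry_interval, max_attempts=10):
    """Seconds until acceptance for a sender that retries every `retry_interval`
    seconds; None if it gives up first (max_attempts=1 models 451-as-fatal)."""
    for attempt in range(max_attempts):
        now = attempt * retry_interval
        if gl.check(now, ip, sender, rcpt) == 250:
            return now
    return None

if __name__ == "__main__":
    for label, retry in [("5 min", 300), ("30 min", 1800), ("4 h", 14400)]:
        d = observed_delay(Greylist(), "198.51.100.7", "a@example.org",
                           "u@example.net", retry)
        print(f"retry every {label}: accepted after {d // 60} min")
```

The model has no upper retry window, so a first attempt that is only retried days later is still accepted.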



