Greylisting .. nice ..

Rob Poe rpoe at plattesheriff.org
Tue Nov 7 19:26:28 GMT 2006


>> > My thoughts so far are this:  Why didn't I do this sooner.
> 
>> It's going to be pointless soon, problem is, as more and more people do
>> this, it won't be long before the common garden variety spammers smtp
>> engine will also retry on 4xx errors, I'd give it a year tops (if some of
>> them are not already doing it)

>My objection to it is not that it doesn't work, but that it makes all
>genuine mail servers work twice as hard to deliver mail.  I like having an

I agree, that the spammers MIGHT try to adapt to this, but at THIS
MOMENT, it works.  Computer tech is moment based.  Since when have we
used virus scanners on Microsoft OS'es that only scan on demand (real
time scanning).  Why?  Because the virus writers adapted.  The viruses
are far nastier.  Spam will get far, far nastier.

I have a mailserver I admin that gets the following in spam statistics
.. for yesterday at midnight.

1040 blocked yesterday due to sendmail access.db blocks (the worst
subnet offenders from foreign countries)
20,000 blocked for invalid recipient
124 blocked by RBLs, of which I cannot use all of because their clients
host email servers on DSL / Cable modem connections.
68 blocked by spamassassin for high spam score
2000 greylist 1st attempts 
204 greylist passes

They STILL get spam .. but it's blocked almost ALL of the image based
spams, and almost ALL of the pharmaceutical messages, and most of the
nasty porn stuff.  And with the bayes poisoning they get, SA wasn't
touching it ..

I agree, greylisting isn't the best thing since sliced bread .. but
with the wild state of things on the Internet, it sure comes close IMO. 
Not everyone has a 2.8ghz dual xeon with 4 gigs of ram to dedicate to
spamassassin with OCR recognition. 

This email domain name is 10 years old.  It used to run Groupwise 5.2
(ok, so maybe it still does) which the GWIA is so horribly broken that
it will accept email to ANY user (doesn't relay it, but DOES accept it
even if invalid).  

So the spammers have dictionary attacked it for SO long that they all
think that asuidewiuwer at thatdomainname is a valid recipient, while it is
not.

Rob

