Greylisting .. nice ..
DAve
dave.list at pixelhammer.com
Tue Nov 7 20:51:25 GMT 2006
mikea wrote:
> On Tue, Nov 07, 2006 at 01:26:28PM -0600, Rob Poe wrote:
>>>>> My thoughts so far are this: Why didn't I do this sooner.
>>>> Its going to be pointless soon, problem is, as more and more people
>> do
>>>> this, it wont be long before the common garden variety spammers
>> smtp
>>>> engine will also retry on 4xx errors, id give it a year tops (if
>> some of
>>>> them are not already doing it)
>>> My objection to it is not that it doesn't work, but that it makes all
>>> genuine mail servers work twice as hard to deliver mail. I like
>> having an
>>
>> I agree, that the spammers MIGHT try to adapt to this, but at THIS
>> MOMENT, it works. Computer tech is moment based. Since when have we
>> used virus scanners on Microsoft OS'es that only scan on demand (real
>> time scanning). Why? Because the virus writers adapted. The viruses
>> are far nastier. Spam will get far, far nastier.
>>
>> I have a mailserver I admin that gets the following in spam statistics
>> .. for yesterday at midnight.
>>
>> 1040 blocked yesterday due to sendmail access.db blocks (the worst
>> subnet offenders from foreign countries)
>> 20,000 blocked for invalid recipient
>> 124 blocked by RBLs, of which I cannot use all of because their clients
>> host email servers on DSL / Cable modem connections.
>> 68 blocked by spamassassin for high spam score
>> 2000 greylist 1st attempts
>> 204 greylist passes
>>
>> They STILL get spam .. but it's blocked almost ALL of the image based
>> spams, and almost ALL of the pharmaceutical messages, and most of the
>> nasty porn stuff. And with the bayes poisioning they get, SA wasn't
>> touching it ..
>>
>> I agree, greylisting isn't the best thing since sliced bread .. but
>> with the wild state of things on the Internet, it sure comes close IMO.
>> Not everyone has a 2.8ghz dual xeon with 4 gigs of ram to dedicate to
>> spamassassin with OCR recognition.
>>
>> This email domain name is 10 years old. It used to run Groupwise 5.2
>> (ok, so maybe it still does) which the GWIA is so horribly broken that
>> it will accept email to ANY user (doesn't relay it, but DOES accept it
>> even if invalid).
>>
>> So the spammers have dictionary attacked it for SO long that they all
>> think that asuidewiuwer at thatdomainname is a vaild recipient, while it is
>> not.
>
>>From my inbound mailfilter's logs, about 1030 local:
> $ grep graylist /var/log/maillog | wc -l
> 2807
> $ grep "accepted for delivery" /var/log/maillog | wc -l
> 2308
>
> Just now, at 1409 local:
> grep "accepted for delivery" /var/log/maillog | wc -l && grep graylist /var/log/maillog | wc -l
> 2642
> 3115
>
> That's 500 or so mails that graylisting stopped at 10:30, minus the
> ones still in the graylisting delay when I pulled the sample. Probably
> about 480 mails actually had been stopped then. The difference still
> is about 500-ish, and that's mails that the later stages of the filter
> (MailScanner, SpamAssassin, and ClamAV) don't have to spend CPU on.
>
> That's in addition to extensive blacklists, a regular-expression-match
> milter, and some other stuff, and before the sendmail access database,
> MailScanner, SpamAssassin, and ClamAV.
>
> Some days I'm more than a bit amazed that *anything* gets through.
>
bash# cat /var/log/maillogs/maillog | grep 'stat=queued' | wc -l
33384
bash# cat /var/log/maillogs/maillog | grep 'reject=451' | wc -l
89036
bash# cat /var/log/maillogs/maillog | grep 'auto-whitelisted' | wc -l
8833
That is just one server. I would be buried without Milter-Greylist, I
would be looking for a job without MailScanner.
DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
More information about the MailScanner
mailing list