Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)

Durval Menezes jm153 at tmp.com.br
Sat Jan 20 01:05:33 CET 2007


Hello folks,

Scott Silva <ssilva at sgvwater.com> on Tue, Jan 16, 2007 at 10:24:11 -0800, wrote:
> Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
> alone. Five seconds is a good starting point, but probably not over 30
> seconds.

The first time I became aware of GreetPause, I dismissed it as probably
not very effective, because it would be very simple for spammers to adapt
by just stopping the slam; on the negative side, it would end up slowing
ALL traffic, including the legitimate (non-spam) emails.

Then I came upon Scott's (and others) recommendations, as above, and I
wondered if my initial analysis was incorrect; today, I found the time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
obtained are as follows:

Pause:    GreetPause:  total connections:	pre-greet/conexoes:
1s     		 14          645         	2.17%
5s      	 19          383         	4.96%
10s      	 36          535         	6.73%

What's worse, about 80% of the connections blocked by GreetPause would
have been blocked anyway by the MTA using RBLs alone, so the *effective*
Greetpause improvement over using RBLs alone would be about 1% or less,
even with relativelly large (10s) pauses.

I've rechecked my analysis and found no mistakes; are you folks *really*
measuring GreetPause efficiency and finding these 10-20% numbers, or are
you deriving these numbers more from "feeling" or something? What other
explanations for the above discrepancies can you think of?

If anyone wants to sift through my logs, I can make then avalable;
just ask.

Thanks in advance for any and all input.

Best Regards,
-- 
   Durval Menezes (durval AT tmp DOT com DOT br, http://www.tmp.com.br/)


More information about the MailScanner mailing list