Greetpause seems very ineffective (Was: RE: Increased Volumes Of Spam)

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Sat Jan 20 01:22:34 CET 2007


Durval Menezes wrote:
> Hello folks,
> 
> Scott Silva <ssilva at sgvwater.com> on Tue, Jan 16, 2007 at 10:24:11
> -0800, wrote: 
>> Greetpause does help a lot, as I probably drop 10 to 20% of the spam
>> with it alone. Five seconds is a good starting point, but probably
>> not over 30 seconds.
> 
> The first time I became aware of GreetPause, I dismissed it as
> probably not very effective, because it would be very simple for
> spammers to adapt by just stopping the slam; on the negative side, it
> would end up slowing ALL traffic, including the legitimate (non-spam)
> emails.
> 
> Then I came upon Scott's (and others') recommendations, as above, and I
> wondered if my initial analysis was incorrect; today, I found the time
> to configure one of my servers to use GreetPause, and measured its
> efficiency using pause intervals of 1s, 5s and 10s. The numbers I
> obtained are as follows:
> 
> Pause:   GreetPause:   total connections:   pre-greet/connections:
> 1s       14            645                  2.17%
> 5s       19            383                  4.96%
> 10s      36            535                  6.73%
> 
> What's worse, about 80% of the connections blocked by GreetPause would
> have been blocked anyway by the MTA using RBLs alone, so the
> *effective* Greetpause improvement over using RBLs alone would be
> about 1% or less, even with relatively large (10s) pauses.
> 
> I've rechecked my analysis and found no mistakes; are you folks
> *really* measuring GreetPause efficiency and finding these 10-20%
> numbers, or are you deriving these numbers more from "feeling" or
> something? What other explanations for the above discrepancies can
> you think of?
> 
> If anyone wants to sift through my logs, I can make them available;
> just ask.

I can't speak for others, but it really boils down to how you want to
run your inbound mail.  I use RBLs, but I do so in MailScanner, not my
MTA (sendmail, FWIW).  Consequently, all the messages would have been
accepted anyway.  Too many false positives with RBLs to reject them out
of hand.  At least for me - YMMV.

By running greet pause, I was able to reject out of hand a large number
of mails.  Don't remember the proportion but it seems like it was around
half anyway.  I could be way off though in either direction - it's been
too long since I turned it on.  I have MailWatch installed, so when I
turned on greet pause I was able to quickly and easily see a big
difference in the graph after only a day or two.  Anyway, that's a lot
of mail that MailScanner/Spamassassin/AV didn't have to bother with.
For me, it was a very worthwhile feature to enable.

Also, it depends on the amount of messages you get a day.  If you're
talking 1000 messages, then what's another 67?  If you're talking a
million, then you're processing 67,300 messages that need to be scanned.

It isn't the end all, be all of spam filtering.  It's just another tool
in the bucket.  But 6.73% here, 20% there, and it all adds up.

Have a good weekend...

...Kevin
-- 
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500
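
Added example, not part of the original thread: a sketch of the measurement discussed above, counting GreetPause rejections per connection and how many of them an RBL would also have covered. The sendmail log wording, the one-pid-per-connection rule, the sample lines and the RBL set are all assumptions made for illustration.

```python
import re

# Assumed sendmail syslog wording for a GreetPause rejection; check your own logs.
PREGREET = re.compile(r"sendmail\[(\d+)\]: .*rejecting commands from \S+ "
                      r"\[([0-9.]+)\] due to pre-greeting traffic")
RELAY = re.compile(r"sendmail\[(\d+)\]: .*relay=\S* ?\[([0-9.]+)\]")

def greetpause_stats(log_text, rbl_listed):
    """Count connections, GreetPause rejections, and how many an RBL also covers."""
    # Assumption: one sendmail pid per SMTP connection (pids can repeat in long logs).
    connections, pregreet = {}, {}   # pid -> client IP
    for line in log_text.splitlines():
        m = PREGREET.search(line)
        if m:
            pregreet[m.group(1)] = connections[m.group(1)] = m.group(2)
            continue
        m = RELAY.search(line)
        if m:
            connections.setdefault(m.group(1), m.group(2))
    total, caught = len(connections), len(pregreet)
    also_rbl = sum(1 for ip in pregreet.values() if ip in rbl_listed)
    pct = lambda n: round(100.0 * n / total, 2) if total else 0.0
    return {"total": total, "pregreet": caught, "pregreet_pct": pct(caught),
            "also_rbl": also_rbl, "greetpause_only": caught - also_rbl,
            "greetpause_only_pct": pct(caught - also_rbl)}

# Constructed sample: documentation-range IPs, made-up queue ids and host names.
GOOD = ("Jan 19 10:0{n}:00 mx sendmail[{pid}]: l0JA0{n}q{pid}: "
        "from=<u@example.org>, relay=mail.example.org [192.0.2.{n}]")
SLAM = ("Jan 19 10:0{n}:30 mx sendmail[{pid}]: l0JA0{n}q{pid}: rejecting commands "
        "from dyn.example.net [{ip}] due to pre-greeting traffic")
SLAM_IPS = ["198.51.100.7", "198.51.100.8", "198.51.100.9",
            "198.51.100.10", "203.0.113.20"]
SAMPLE_LOG = "\n".join(
    [GOOD.format(n=i, pid=100 + i) for i in range(1, 6)] +
    [SLAM.format(n=i, pid=200 + i, ip=ip) for i, ip in enumerate(SLAM_IPS, 1)])
RBL_LISTED = set(SLAM_IPS[:4])   # constructed stand-in for real DNSBL lookups

if __name__ == "__main__":
    for key, value in greetpause_stats(SAMPLE_LOG, RBL_LISTED).items():
        print(f"{key}: {value}")
```

The `greetpause_only_pct` figure is the marginal gain over RBL rejection at the MTA; where RBLs are only scored later in the pipeline, `pregreet_pct` is the share of connections the content scanners never have to process.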

