Slightly OT: Greylisting success or failure stories?

Scot L. Harris webid at cfl.rr.com
Thu Feb 3 21:55:06 UTC 2005


On Thu, 2005-02-03 at 15:49, David Hoffman wrote:
> I looked for any discussion lists about greylisting and haven't found
> any, so I thought I might try asking here.
> 
> I'm considering adding greylisting to my postfix configuration, and
> some of the articles I have been reading about greylisting show that
> there can be any of several situations in which greylisting would not
> be a viable solution.
> 
> In particular they mention issues with how some MTAs break something
> in the RFC that makes greylisting work, and how receiving mail from a
> site which uses multiple relay hosts (each with a different address)
> can also cause mail to not be delivered.
> 
> So I thought I would ask on the list to see if anyone has done much
> with greylisting and found it to be good or bad.
> 
> I do also use the DNSBL lists, and some of my accounts also use TMDA.
> What I am hoping for is that with greylisting, I can further reduce
> the amount of spam mail traffic.
> 
> Thanks.
> 

I implemented greylisting for a company that was getting between 3000 and
8000 spam messages a day.  I originally implemented spamassassin for
them which worked wonders.  But I would see the email server
occasionally come under heavy load when a flurry of spam would hit. 
Spamassassin can use a lot of resources at times.

Also with spamassassin it still took someone's time to review the spam
bucket to check for false positives.  This was not much of an issue
after about 4 weeks when the bayes database had a good sampling of spam
and ham.

Anyway, I implemented greylisting and went from the 3000 to 8000 spam
messages a day down to 3 or 10 a day.  It worked better than I had even
guessed.

In my setup I was using sendmail and chose to use milter-greylist.     
http://groups.yahoo.com/group/milter-greylist/

I also looked at this greylisting option, believe this is the one that
Evan Harris built.  I think he was the one that came up with the
greylisting idea.

http://lists.puremagic.com/cgi-bin/mailman/listinfo/greylist-users

Both mailing lists have moderate traffic.  

I believe both solutions (I know milter-greylist does) have a whitelist
option where non-compliant email servers can be listed or known
associates so their email is not greylisted.  This is also used for
those services that have multiple relay hosts.  Those are usually the
larger ISPs and organizations so whitelisting their email servers is not
a problem.

I know there are greylisting solutions for postfix but I have not used
any of them.  

I found that setting the delay period to as little as 2 minutes garnered
all the benefits of greylisting.  Most legit MTAs retried messages in
the first 5 minutes.  I gathered that from the log files.  But
understand that the delay you set is the time period that you will not
take a message from the tuple (sender, recipient, IP address).  The
sending MTA controls the actual retry period and could back off for
several hours depending on how it is configured.

Proper use of the whitelist capabilities eliminates delays for legit
traffic.  You could even monitor the log file to identify known regular
senders to add to the whitelist if you wanted but I did not find that
necessary. 

This has been running for about a year at that company and they have not
seen an increase in spam rates.  At the time that company was about to 
abandon email altogether.  It had become more of a nuisance than it was
worth.  I highly recommend implementation of greylisting.  


-- 
Scot L. Harris
webid at cfl.rr.com

A lifetime isn't nearly long enough to figure out what it's all about. 
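
The tuple-and-delay behaviour discussed in the message above, as an added example that is not part of the original post and is not milter-greylist's code. It replays constructed retry schedules against a 2-minute delay to show a single retrying host, a multi-relay sender with and without a whitelist entry, and a sender that never retries; the class, function names and addresses are assumptions made for the illustration.

```python
import ipaddress

class Greylist:
    """In-memory greylist keyed on the (sender, recipient, client IP) tuple."""

    def __init__(self, delay=120, whitelist=()):
        self.delay = delay  # seconds a new tuple is refused (2 minutes, as in the post)
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}  # tuple -> time of its first attempt

    def check(self, sender, recipient, client_ip, now):
        """Decide one delivery attempt at time `now` (seconds)."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "accept"  # whitelisted relays are never delayed
        key = (sender.lower(), recipient.lower(), str(ip))
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            return "accept"  # the same tuple came back after the delay
        return "tempfail"  # temporary SMTP failure; a compliant MTA retries


def deliver(gl, attempts, sender="alice@example.org", rcpt="bob@example.com"):
    """Replay (time, client_ip) attempts; return the acceptance time or None."""
    for now, ip in attempts:
        if gl.check(sender, rcpt, ip, now) == "accept":
            return now
    return None


def demo():
    # Constructed retry schedules using documentation address ranges.
    single = [(0, "192.0.2.25"), (60, "192.0.2.25"), (300, "192.0.2.25")]
    pool = [(0, "198.51.100.10"), (300, "198.51.100.11"),
            (600, "198.51.100.12"), (900, "198.51.100.10")]
    return {
        "single_host": deliver(Greylist(), single),
        "relay_pool": deliver(Greylist(), pool),
        "relay_pool_whitelisted": deliver(Greylist(whitelist=["198.51.100.0/24"]), pool),
        "fire_and_forget": deliver(Greylist(), [(0, "203.0.113.7")]),
    }


if __name__ == "__main__":
    for name, accepted_at in demo().items():
        print(name, accepted_at)
```

In this constructed run the relay pool is only accepted once a retry happens to come from an address seen earlier, which is the delay the whitelist entry removes.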



