Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] Is greylisting still a valid technique?

2009-10-07 by Oliver Fromme

For your amusement, here are the statistics from a very
small sever of mine.  :-)  It's only hosting a few private
domains.

Numbers are from midnight to now, i.e. roughly 17 hours.

       4   connections rejected by greet_pause
   12707   connections rejected by RBL
      56   messages not greylisted
      45   messages greylisted
      23   new tuples autowhitelisted

So, clearly the majority of spam messages are caught by
the RBL settings, which are rather tight on this machine.
But still, greylisting catches a good amount of the
remaining spam.

It should also be noted that some RBLs are in fact using
greylisting feedback to add entries to their lists.
So it is not suprising that many connections that would
be caught by greylisting are already caught by the RBLs.

By the way, my greet_pause setting is currently 5 seconds.
I'm considering to increase it to 10 seconds and check
if it catches more connections then.

One final important note:  It is not sufficient to grep
for 'autowhitelisted' because that will also match log
entries about expired autowhitelisted entries:

Oct  7 16:12:35 server milter-greylist: addr xx.xx.xx.xx
from <yy@...> rcpt <zz@...>: autowhitelisted entry expired

Grepping for 'autowhitelisted for' seems to work for me.

On another small server that runs a ticket system for a
limited group of people, numbers looks like this:

      1   connections rejected by greet_pause
   2604   connections rejected by RBL
    383   messages not greylisted
    140   messages greylisted
     39   new tuples autowhitelisted

And yet another box that belongs to a small company:

     0   connections rejected by greet_pause
    57   connections rejected by RBL
   276   messages not greylisted
    28   messages greylisted
     1   new tuples autowhitelisted

So I would say that greylisting is definitely not useless,
in general.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Gesch\ufffdftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht M\ufffdn-
chen, HRB 125758,  Gesch\ufffdftsf\ufffdhrer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.