Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] Is greylisting still a valid technique?

2009-10-07 by Rick Knight

Oliver Fromme wrote:
>
> For your amusement, here are the statistics from a very
> small server of mine. :-) It's only hosting a few private
> domains.
>
> Numbers are from midnight to now, i.e. roughly 17 hours.
>
> 4 connections rejected by greet_pause
> 12707 connections rejected by RBL
> 56 messages not greylisted
> 45 messages greylisted
> 23 new tuples autowhitelisted
>
> So, clearly the majority of spam messages are caught by
> the RBL settings, which are rather tight on this machine.
> But still, greylisting catches a good amount of the
> remaining spam.
>
> It should also be noted that some RBLs are in fact using
> greylisting feedback to add entries to their lists.
> So it is not surprising that many connections that would
> be caught by greylisting are already caught by the RBLs.
>
> By the way, my greet_pause setting is currently 5 seconds.
> I'm considering increasing it to 10 seconds and checking
> if it catches more connections then.
>
> One final important note: It is not sufficient to grep
> for 'autowhitelisted' because that will also match log
> entries about expired autowhitelisted entries:
>
> Oct 7 16:12:35 server milter-greylist: addr xx.xx.xx.xx
> from <yy@...> rcpt <zz@...>: autowhitelisted entry expired
>
> Grepping for 'autowhitelisted for' seems to work for me.
>
> On another small server that runs a ticket system for a
> limited group of people, numbers look like this:
>
> 1 connections rejected by greet_pause
> 2604 connections rejected by RBL
> 383 messages not greylisted
> 140 messages greylisted
> 39 new tuples autowhitelisted
>
> And yet another box that belongs to a small company:
>
> 0 connections rejected by greet_pause
> 57 connections rejected by RBL
> 276 messages not greylisted
> 28 messages greylisted
> 1 new tuples autowhitelisted
>
> So I would say that greylisting is definitely not useless,
> in general.
>
> Best regards
> Oliver
>
> -- 
> Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
> Commercial register: registry court Muenchen, HRA 74606, management:
> secnetix Verwaltungsgesellsch. mbH, commercial register: registry court
> München, HRB 125758, managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
>
> FreeBSD services, products and more:
> http://www.secnetix.de/bsd
>
> 'Instead of asking why a piece of software is using "1970s technology,"
> start asking why software is ignoring 30 years of accumulated wisdom.'
>
> 
Oliver,

How are you collecting the statistic on greet_pause?

Thanks,
Rick
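
The log-counting pitfall noted in the quoted message above, as an added example that is not part of the original thread: a tally that separates new autowhitelist entries from expiry notices and flags any unrecognised wording. The sample log is constructed, and the tail of the "autowhitelisted for" lines (the duration) is an assumed format modelled on the expiry line quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): count milter-greylist autowhitelist
# events without mistaking expiry notices for new entries.

# Constructed sample input. Addresses and domains are documentation values;
# the duration after "autowhitelisted for" is an assumed format.
sample_log() {
cat <<'EOF'
Oct 7 16:02:11 server milter-greylist: addr 192.0.2.10 from <a@example.org> rcpt <u@example.net>: autowhitelisted for 24:00:00
Oct 7 16:12:35 server milter-greylist: addr 192.0.2.44 from <b@example.org> rcpt <u@example.net>: autowhitelisted entry expired
Oct 7 16:20:02 server milter-greylist: addr 198.51.100.7 from <c@example.com> rcpt <v@example.net>: autowhitelisted for 24:00:00
Oct 7 16:31:48 server milter-greylist: addr 192.0.2.44 from <b@example.org> rcpt <u@example.net>: autowhitelisted entry expired
EOF
}

# Reads syslog lines on stdin and prints one summary line:
#   naive   = what a plain grep for 'autowhitelisted' would report
#   new     = lines matching 'autowhitelisted for' (newly whitelisted tuples)
#   expired = expiry notices, which the naive count wrongly includes
#   other   = any other wording, so a log format change does not go unnoticed
tally() {
    awk '
        /milter-greylist/ && /autowhitelisted/ {
            naive++
            if ($0 ~ /: autowhitelisted for /)               new++
            else if ($0 ~ /: autowhitelisted entry expired/) expired++
            else                                             other++
        }
        END {
            printf "naive=%d new=%d expired=%d other=%d\n",
                   naive, new, expired, other
        }
    '
}

# Stand-alone run on the constructed sample.
sample_log | tally
```

On real data, feed the day's mail log to `tally` on stdin; a non-zero `other` means the patterns need to be checked against the log wording of the installed version.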
