On 2013-04-09 09:08, Emmanuel Dreyfus wrote:
> On Tue, Apr 09, 2013 at 09:01:50AM +0200, Peter Bonivart wrote:
> > Couldn't you make the exact same argument about greylisting?
>
> I do not think so.
>
> Working around greylisting means maintaining a queue. Since spammers
> use botnet, resources are free for them but they are not infinite.
> If the greylisting delay is long enough, we observe they do not afford it.

From our practice, I'd add that greylisting works to a large extent thanks to coupling with DNS RBLs, including dial-up RBL lists. While the message from an unknown untrusted source host is being delayed from coming into our relay, other letters from this host might hit an RBL honeypot system and by the time that greylisting permits the message in based on just the fact of retry after a given timeout, it would be denied based on DNS RBL hit.

Proper emails from extranet are accepted on the MSA port (587/tcp) with authentication and STARTTLS, so we should have no spam that seems to be sent from one of our users to another - as well as no harmful filtering enforced onto proper authenticated users from random internet hosts.

This does of course require considerable delays on newly greylisted contacts, which does sometimes cause grief from our users; we use about 25 minutes typically (because many legitimate hosts retry their submissions after half an hour and then less often) so that greylist's impact is smaller for legitimate mail, effecting a 30-minute delay usually.

We have long thought of implementing some "smart" filters like SpamAssassin, but in fact the computationally cheap methods like banner delay, DNS RBL, greylisting and regex matching on host names (i.e. static-12-34-56-78.dialup.net) do an extremely good job without hogging the CPU.

We do get one or two spams a day occasionally, usually from compromised legitimate hosts or via our whitelists (honeypot receivers or managers who chose to fight spam in their mail agents rather than delay business mail), but this is not enough of a threat to filter the rest of accepted mail with content filters.

In fact, with a reasonably long auto-white-list (i.e. weeks) we get most of the benefit (bad guys are still chopped off by DNS RBL - if they are caught) with least downside (legit mails, even from "rare" counteragents, pass quickly).

HTH,
//Jim Klimov
A happy user for about a decade ;)
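The filtering order described in this message, as an added sketch that is not part of the original post and is not milter-greylist's own code: it shows how a host that gets listed in a DNS RBL during the 25-minute greylist delay is refused on retry, while a legitimate host passes once and is then auto-whitelisted. The three-week whitelist lifetime, the host-name pattern, all addresses and the `rbl_lookup` callable standing in for a DNS RBL query are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

GREYLIST_DELAY = timedelta(minutes=25)  # delay quoted in the message
AUTOWHITE_TTL = timedelta(weeks=3)      # assumption: the message only says "weeks"
# Constructed pattern for names such as static-12-34-56-78.dialup.net
DIALUP_RE = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}\.|dial-?up|dynamic", re.I)

class Relay:
    def __init__(self, rbl_lookup):
        self.rbl_lookup = rbl_lookup  # callable(ip, now) -> bool, stands in for a DNS RBL query
        self.first_seen = {}          # (ip, sender, rcpt) -> time of first attempt
        self.autowhite = {}           # (ip, sender, rcpt) -> whitelist expiry

    def check(self, ip, rdns, sender, rcpt, now):
        # Cheap checks run on every attempt, so a whitelisted host is still
        # refused once it shows up in the RBL.
        if DIALUP_RE.search(rdns):
            return "reject: dial-up style host name"
        if self.rbl_lookup(ip, now):
            return "reject: listed in DNS RBL"
        key = (ip, sender, rcpt)
        if self.autowhite.get(key, now) > now:
            self.autowhite[key] = now + AUTOWHITE_TTL  # refresh on use
            return "accept: auto-whitelisted"
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return "tempfail: greylisted"
        del self.first_seen[key]
        self.autowhite[key] = now + AUTOWHITE_TTL
        return "accept: greylist delay passed"

def demo():
    """Replay a constructed timeline and return the verdict for each attempt."""
    t0 = datetime(2013, 4, 9, 9, 0)
    # Constructed: this host hits an RBL honeypot 10 minutes after its first attempt.
    listed_at = {"198.51.100.7": t0 + timedelta(minutes=10)}
    relay = Relay(lambda ip, now: ip in listed_at and now >= listed_at[ip])
    legit = ("192.0.2.10", "mail.example.org", "a@example.org", "u@example.com")
    bot = ("198.51.100.7", "mx.example.net", "b@example.net", "u@example.com")
    dial = ("203.0.113.5", "static-12-34-56-78.dialup.net", "c@example.net", "u@example.com")
    retry = t0 + timedelta(minutes=30)  # typical retry interval per the message
    return [
        relay.check(*legit, t0), relay.check(*bot, t0), relay.check(*dial, t0),
        relay.check(*legit, retry), relay.check(*bot, retry),
        relay.check(*legit, t0 + timedelta(days=1)),
    ]
```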
Message
Re: [milter-greylist] Re: Determining how successful milter-greylist is?
2013-04-09 by Jim Klimov