-
Greylisting
Filed under SpamMar 14For a while I’ve been using limited greylisting on my mail server with reasonably good success.
Last weekend I implemented site wide and I have to say the results are dramatic. The amount of spam (even low rated by spamassassin) has dropped off significantly.
Detailed information on greylisting can be found here, but in a nutshell:
Greylisting relies on the fact that spammers don’t use normal mail servers. Basically, the first time a mail server receives a mail delivery request, it responds with a soft failure … with a message indicating that greylisting is in effect and they should retry the delivery in certain amount of time (this is a human readable message, not machine readable). Since normal mail servers will accept this message and requeue the email for delivery, the email will then be delivered normally (probably on the next pass).
Spammers aren’t that persistent, so they just go on to their next target.
A good greylisting implementation retains the list of servers that have successfully delivered in a whitelist, so the next time they try to deliver there is no delay, the delay is only encountered once.
One downside of greylisting that I’ve found is that there is an increased chance of messages arriving out of order when a server tries it’s first message deliver. The reason is this … the first message delivery will be attempted and be rejected due to greylisting, if a different message delivery is attempted AFTER the greylisting delay has expired but BEFORE the first message is delivered, then the second message will be delivered and will be out of context.
I’ve got my mail server configured to greylist servers for only 2 minutes … so the next time the server tries to deliver, it’s almost certain to be successful.
I’m using milter-greylist with sendmail. It was easy to setup and works great.
[tags]spam, sendmail, greylisting, milter[/tags]
3 Responses to “Greylisting”
-
Pelle said on March 16th, 2006 at 7:25 am
Greylisting is indeed the most effective weapon against spam that I have found. We implemented it on our server about a year ago and saw immediate drastic decline in spam levels. The only real annoyance is that it sometimes takes a bit of time for mail to appear from from a new sender.We use an OpenBSD server with qmail and OpenBSD’s built in Spamd honeypot. Anyone blacklisted by the grey list get stuck in the spamd server for 20 minutes or so, which at least slows them down a bit.
-
Isn’t this one of those tools that is effective now, but effectively worthless once everyone adopts it? It’s so easy to work around (just try again) that spammers will do so as soon as it impacts their ability to reach inboxes..
-
david said on March 16th, 2006 at 6:12 pm
Well, the technique depends on the fact that spammers don’t want to hang around long enough to be identified … so if they can’t deliver the spam fast, they won’t deliver it at all.
Leave a Reply
Archives
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005
- August 2005
- July 2005
- June 2005
- May 2005
- April 2005
- March 2005
- February 2005
- January 2005
- December 2004
- November 2004
- October 2004
- September 2004
- August 2004
- July 2004
- June 2004
- May 2004
- February 2004
- January 2004
- December 2003
- November 2003
- March 2002
Recent Comments