Posted to users@spamassassin.apache.org by Matthew Bickerton <ma...@gmail.com> on 2007/01/25 13:33:19 UTC

Should I use greylisting

Hi,

I am setting up a new server, so have a chance to make big changes to my
email server.

I have been thinking about implementing Greylisting. However, I am worried
about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.)

I would very much appreciate other people's recommendations on Greylisting
or other approaches to reducing the load on my server by rejecting spam
early.

Matthew


Re: Should I use greylisting

Posted by Ricardo Oliveira <ri...@gmail.com>.
Adding my 0.2€ to the discussion...


I use qgreylist, which enables us to (if properly configured) block whole
/24 networks instead of single hosts. Of course, I'm using qmail, so this is
a qmail solution.

I've successfully integrated greylisting with A/V scanning and SA processing
in the incoming relays where you expect a little delay, and by doing so I've
diminished the perception of the "incoming first message wait time".

Regards,
Ricardo Oliveira
http://apache.weblog.com.pt/

Re: Should I use greylisting

Posted by Mike Jackson <mj...@barking-dog.net>.
>>> Until the spammers build in retry into their bots, I'm a
>>> firm believer of greylisting.
>>
>> They have. I'm a sys admin at a major hosting provider, and I've seen it 
>> in action on at least one customer's box who was using greylisting. 
>> Considering spammers have near-infinite resources, it was only a matter 
>> of time before they'd either retry delivery on the same message, or 
>> simply wait an hour or so and try sending a new message.
>>
>
>    But even with some spammers starting to retry, greylist is still
> a MAJOR antispam feature, which will block, in my experience, more than
> 85-90% of all SPAMs received by the system.

Perhaps now that's the case, but give it a few months until all the spambots 
out there start paying attention to deferrals and retrying. Greylisting may 
be effective now, but it's only a matter of time before the spammers learn 
to adapt, just like they have to everything else. 


Re: Should I use greylisting

Posted by Leonardo Rodrigues Magalhães <le...@solutti.com.br>.

Mike Jackson wrote:
>> Until the spammers build in retry into their bots, I'm a
>> firm believer of greylisting.
>
> They have. I'm a sys admin at a major hosting provider, and I've seen 
> it in action on at least one customer's box who was using greylisting. 
> Considering spammers have near-infinite resources, it was only a 
> matter of time before they'd either retry delivery on the same 
> message, or simply wait an hour or so and try sending a new message.
>

    But even with some spammers starting to retry, greylist is still
a MAJOR antispam feature, which will block, in my experience, more than
85-90% of all SPAMs received by the system.

    I use policyd (http://policyd.sourceforge.net) as my greylist
daemon. It allows me to build blacklists based on reverse DNS of the
hosts, so I built some blacklists for getting
DSL/cable/dynamic/dialup/shitty networks worldwide. I have also built a
whitelist based on reverse DNS, which allows me to completely
whitelist all major ISPs worldwide and companies in my country (Brazil),
thus achieving a 'no-greylist-delay' situation for a great amount of
messages sent by real servers.

    With that, I'm pretty convinced that a HUGE amount of SPAMs are
getting stopped at the greylist level, keeping those messages from reaching
'heavier' antispam features after greylist, like SpamAssassin for
example. With whitelists, message delays are not a big problem for the
users, because I successfully whitelist all major ISPs in my country.


-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it
	gertrudes@solutti.com.br





Re: Should I use greylisting

Posted by Mike Jackson <mj...@barking-dog.net>.
> Until the spammers build in retry into their bots, I'm a
> firm believer of greylisting.

They have. I'm a sys admin at a major hosting provider, and I've seen it in 
action on at least one customer's box who was using greylisting. Considering 
spammers have near-infinite resources, it was only a matter of time before 
they'd either retry delivery on the same message, or simply wait an hour or 
so and try sending a new message. 


RE: Should I use greylisting

Posted by Dylan Bouterse <dy...@corp.power1.com>.
I am using postgrey which allows for whitelisting of address ranges,
specific IPs, etc. I implemented it on the Thanksgiving weekend so it
could build up its triplet database before hitting the work week email
and I've not had a single person complain. On the flip side, I very
rarely see spam come through that isn't sent to postmaster@ which is
whitelisted. Until the spammers build in retry into their bots, I'm a
firm believer of greylisting.

Dylan

> -----Original Message-----
> From: Matthew Bickerton [mailto:matbic@gmail.com]
> Sent: Thursday, January 25, 2007 7:33 AM
> To: users@spamassassin.apache.org
> Subject: Should I use greylisting
>
> Hi,
>
> I am setting up a new server, so have a chance to make big changes to my
> email server.
>
> I have been thinking about implementing Greylisting. However, I am worried
> about blocking/long delays with e-mails from mail farms (gmail, yahoo
> etc.)
>
> I would very much appreciate other people's recommendations on Greylisting
> or other approaches to reducing the load on my server by rejecting spam
> early.
>
> Matthew


Re: Should I use greylisting

Posted by uNiXpSyChO <ma...@uNiXpSyChO.com>.
Shaun T. Erickson wrote:
>> > Personally, I didn't like the added delay for first-time mails, which is
>> > why I chose to greylist only on blocklists, but for a minimal effort my
>> > spam was significantly reduced.
>>
>> what are you using to greylist based on blocklists?
> 
> I use maRBL. The latest version lets me greylist (I use sqlgrey, but
> there are others) anyone who is found on whatever RBLs I configure it
> to check, and any connection that comes from a Windows box (the vast
> majority of which are botnet zombies). It has had an immense impact on
> the amount of spam that gets through to be looked at by SA & clamav.
> I've been very happy with it.

hmm.  these two look like they're only for postfix.  darn.

was hoping for a Sendmail version and a SQL plugin.


Re: Should I use greylisting

Posted by "Shaun T. Erickson" <st...@gmail.com>.
> > Personally, I didn't like the added delay for first-time mails, which is
> > why I chose to greylist only on blocklists, but for a minimal effort my
> > spam was significantly reduced.
>
> what are you using to greylist based on blocklists?

I use maRBL. The latest version lets me greylist (I use sqlgrey, but
there are others) anyone who is found on whatever RBLs I configure it
to check, and any connection that comes from a Windows box (the vast
majority of which are botnet zombies). It has had an immense impact on
the amount of spam that gets through to be looked at by SA & clamav.
I've been very happy with it.
-- 
        -ste

Re: Should I use greylisting

Posted by Chris Purves <ch...@northfolk.ca>.
Magnus Holmgren wrote:
> On Friday 26 January 2007 03:21, uNiXpSyChO wrote:
>> Chris Purves wrote:
>>> Personally, I didn't like the added delay for first-time mails, which is
>>> why I chose to greylist only on blocklists, but for a minimal effort my
>>> spam was significantly reduced.
>>>
>>> Hope that helps.
>> what are you using to greylist based on blocklists?
> 
> Judging from his presence on the Exim-related mailing lists he is probably 
> using the Exim MTA and its ACL facilities.
> 
Yes, that's what I'm doing.  Exim + greylistd.

-- 
Chris


Re: Should I use greylisting

Posted by Magnus Holmgren <ho...@lysator.liu.se>.
On Friday 26 January 2007 03:21, uNiXpSyChO wrote:
> Chris Purves wrote:
> > Personally, I didn't like the added delay for first-time mails, which is
> > why I chose to greylist only on blocklists, but for a minimal effort my
> > spam was significantly reduced.
> >
> > Hope that helps.
>
> what are you using to greylist based on blocklists?

Judging from his presence on the Exim-related mailing lists he is probably 
using the Exim MTA and its ACL facilities.

-- 
Magnus Holmgren        holmgren@lysator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans

Re: Should I use greylisting

Posted by uNiXpSyChO <ma...@uNiXpSyChO.com>.
Chris Purves wrote:
> Matthew Bickerton wrote:
>>
<...snip...>

> Personally, I didn't like the added delay for first-time mails, which is 
> why I chose to greylist only on blocklists, but for a minimal effort my 
> spam was significantly reduced.
> 
> Hope that helps.
> 
> 

what are you using to greylist based on blocklists?


Re: Should I use greylisting

Posted by "Chris St. Pierre" <st...@NebrWesleyan.edu>.
On Thu, 25 Jan 2007, Chris Purves wrote:

> Matthew Bickerton wrote:
>>
>>  I have been thinking about implementing Greylisting. However, I am worried
>>  about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.)
>> 
>
> You could compromise by greylisting based on blocklists (such as spamhaus, 
> etc.).

You could also take care of this by greylisting on the /24 netblock
instead of the /32 address.  Most greylisters support this these days,
and it eliminates retry problems with large mx pools.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
----------------------------
Never send mail to thobrux@nebrwesleyan.edu

Re: Should I use greylisting

Posted by Chris Purves <ch...@northfolk.ca>.
Matthew Bickerton wrote:
> 
> I have been thinking about implementing Greylisting. However, I am worried
> about blocking/long delays with e-mails from mail farms (gmail, yahoo etc.)
> 

You could compromise by greylisting based on blocklists (such as 
spamhaus, etc.).  This would free up some resources by rejecting a fair 
amount of mail that would otherwise go to spamassassin.  For my setup 
(consisting of two users), greylisting with this method eliminates half 
of spam that would have otherwise gone to spamassassin. (about 250/500 
per week).  It also means that you can greatly increase the greylist 
time to several hours or even a day since it would be unlikely that 
legit e-mail would be greylisted, but if it was it would still get 
through, although quite delayed.  Of course if you are using blocklists 
for blocking...then that wouldn't help.

You can also add a whitelist to bypass the greylisting for large mail 
servers.

Personally, I didn't like the added delay for first-time mails, which is 
why I chose to greylist only on blocklists, but for a minimal effort my 
spam was significantly reduced.

Hope that helps.


-- 
Chris
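
The two suggestions in the posts above (keying the greylist on the /24 netblock, and greylisting only clients found on a blocklist, with a whitelist bypass), sketched as an added example; it is not code from the thread or from any of the greylisting packages named in it. The Greylist class, the constructed delivery attempts and the static "listed" networks standing in for a DNSBL query are assumptions, and it handles IPv4 only.

```python
import ipaddress

class Greylist:
    """Toy in-memory greylist keyed on (client netblock, sender, recipient)."""

    def __init__(self, prefix=32, min_delay=300, whitelist=(), listed=None):
        self.prefix = prefix        # 32 = one key per host, 24 = one key per /24
        self.min_delay = min_delay  # seconds a new triplet must wait before acceptance
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        # listed=None greylists every client. Otherwise only clients inside these
        # networks are greylisted; the list stands in for a DNSBL lookup.
        self.listed = None if listed is None else [ipaddress.ip_network(n) for n in listed]
        self.first_seen = {}        # triplet -> time of the first attempt

    def check(self, client_ip, sender, rcpt, now):
        """Return 'accept' or 'defer' (SMTP temporary failure) for one attempt."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.whitelist):
            return "accept"
        if self.listed is not None and not any(addr in net for net in self.listed):
            return "accept"         # selective mode: unlisted clients see no delay
        block = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
        key = (str(block), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.min_delay else "defer"


# Constructed attempts (IPv4 documentation ranges): (seconds, client IP, sender, recipient).
# 192.0.2.0/24 plays a mail farm's outbound pool; 198.51.100.7 is a bot that sends once.
ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@farm.example", "bob@local.example"),
    (30,   "198.51.100.7", "x@bulk.example",     "bob@local.example"),
    (600,  "192.0.2.57",   "alice@farm.example", "bob@local.example"),  # retry, other pool host
    (1200, "192.0.2.113",  "alice@farm.example", "bob@local.example"),  # retry, third pool host
]

def replay(greylist):
    """Feed the constructed attempts through a greylist in time order."""
    return [greylist.check(ip, s, r, t) for t, ip, s, r in ATTEMPTS]

if __name__ == "__main__":
    configs = {
        "per-host /32": Greylist(prefix=32),
        "per-netblock /24": Greylist(prefix=24),
        "/32 + whitelisted pool": Greylist(prefix=32, whitelist=["192.0.2.0/24"]),
        "greylist only listed clients": Greylist(prefix=32, listed=["198.51.100.0/24"]),
    }
    for name, gl in configs.items():
        print(f"{name:30} {replay(gl)}")
```

With per-host keys every retry from a different pool host starts a new triplet and is deferred again; with /24 keys the second attempt from the pool is accepted once the delay has passed.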


Re: Should I use greylisting

Posted by tom <to...@tacocat.net>.
You shouldn't have told them you were delaying any email....
After the first message there is no further delays and my bet is that  
they wouldn't have noticed anything unless you pointed it out.

I have found greylisting is quite capable of removing 50% of the spam  
before I even have to process it on my servers.
If you have the horsepower for it you don't need to do this  
greylisting...

On Jan 25, 2007, at 8:19 AM, Steven Stern wrote:

> Matthew Bickerton wrote:
>> Thanks, but does this mean I have to keep/maintain a list of all the mail
>> farms. Keeping this list up to date sounds horrid/impossible.
>>
>> Matthew
>>
>> -----Original Message-----
>> From: --[ UxBoD ]-- [mailto:uxbod@splatnix.net]
>> Sent: 25 January 2007 12:49
>> To: users@spamassassin.apache.org
>> Subject: Re: Should I use greylisting
>>
>> Check out http://policyd.sourceforge.net/ then as it allows you to
>> specify Servers/IP that should not be greylisted. Works very well.
>>
>> On Thu, 25 Jan 2007 12:33:19 -0000
>> "Matthew Bickerton" <ma...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I am setting up a new server, so have a chance to make big changes to
>>> my email server.
>>>
>>> I have been thinking about implementing Greylisting. However, I am
>>> worried about blocking/long delays with e-mails from mail farms
>>> (gmail, yahoo etc.)
>>>
>>> I would very much appreciate other people's recommendations on
>>> Greylisting or other approaches to reducing the load on my server by
>>> rejecting spam early.
>>>
>
> I tried out greylisting for several months for a select group of users
> using greylist-milter.  Their unanimous opinion was that they wanted to
> receive mail "instantly". The 10 - 60 minute delay for first-time
> senders was unacceptable. The reduction in spam was not noticeable as we
> get great results using a combination of ClamAV and SpamAssassin with a
> global bayes filter and many RDJ rules.
>
> - --
>
>   Steve


Re: Should I use greylisting

Posted by Steven Stern <su...@sterndata.com>.
Matthew Bickerton wrote:
> Thanks, but does this mean I have to keep/maintain a list of all the mail
> farms. Keeping this list up to date sounds horrid/impossible.
> 
> Matthew  
> 
> -----Original Message-----
> From: --[ UxBoD ]-- [mailto:uxbod@splatnix.net] 
> Sent: 25 January 2007 12:49
> To: users@spamassassin.apache.org
> Subject: Re: Should I use greylisting
> 
> Check out http://policyd.sourceforge.net/ then as it allows you to
> specify Servers/IP that should not be greylisted. Works very well.
> 
> On Thu, 25 Jan 2007 12:33:19 -0000
> "Matthew Bickerton" <ma...@gmail.com> wrote:
> 
>> Hi,
>>
>> I am setting up a new server, so have a chance to make big changes to
>> my email server.
>>
>> I have been thinking about implementing Greylisting. However, I am
>> worried about blocking/long delays with e-mails from mail farms
>> (gmail, yahoo etc.)
>>
>> I would very much appreciate other people's recommendations on
>> Greylisting or other approaches to reducing the load on my server by
>> rejecting spam early.
>>

I tried out greylisting for several months for a select group of users
using greylist-milter.  Their unanimous opinion was that they wanted to
receive mail "instantly". The 10 - 60 minute delay for first-time
senders was unacceptable. The reduction in spam was not noticeable as we
get great results using a combination of ClamAV and SpamAssassin with a
global bayes filter and many RDJ rules.

- --

  Steve

Re: Should I use greylisting

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
You can use wildcards :)

On Thu, 25 Jan 2007 12:58:51 -0000
"Matthew Bickerton" <ma...@gmail.com> wrote:

> Thanks, but does this mean I have to keep/maintain a list of all the
> mail farms. Keeping this list up to date sounds horrid/impossible.
> 
> Matthew  
> 
> -----Original Message-----
> From: --[ UxBoD ]-- [mailto:uxbod@splatnix.net] 
> Sent: 25 January 2007 12:49
> To: users@spamassassin.apache.org
> Subject: Re: Should I use greylisting
> 
> Check out http://policyd.sourceforge.net/ then as it allows you to
> specify Servers/IP that should not be greylisted. Works very well.
> 
> On Thu, 25 Jan 2007 12:33:19 -0000
> "Matthew Bickerton" <ma...@gmail.com> wrote:
> 
> > Hi,
> > 
> > I am setting up a new server, so have a chance to make big changes
> > to my email server.
> > 
> > I have been thinking about implementing Greylisting. However, I am
> > worried about blocking/long delays with e-mails from mail farms
> > (gmail, yahoo etc.)
> > 
> > I would very much appreciate other people's recommendations on
> > Greylisting or other approaches to reducing the load on my server by
> > rejecting spam early.
> > 
> > Matthew
> > 
> > 
> 

-- 
This message has been scanned for viruses and dangerous content by MailScanner, and is
believed to be clean.


RE: Should I use greylisting

Posted by Matthew Bickerton <ma...@gmail.com>.
Thanks, but does this mean I have to keep/maintain a list of all the mail
farms. Keeping this list up to date sounds horrid/impossible.

Matthew  

-----Original Message-----
From: --[ UxBoD ]-- [mailto:uxbod@splatnix.net] 
Sent: 25 January 2007 12:49
To: users@spamassassin.apache.org
Subject: Re: Should I use greylisting

Check out http://policyd.sourceforge.net/ then as it allows you to
specify Servers/IP that should not be greylisted. Works very well.

On Thu, 25 Jan 2007 12:33:19 -0000
"Matthew Bickerton" <ma...@gmail.com> wrote:

> Hi,
> 
> I am setting up a new server, so have a chance to make big changes to
> my email server.
> 
> I have been thinking about implementing Greylisting. However, I am
> worried about blocking/long delays with e-mails from mail farms
> (gmail, yahoo etc.)
> 
> I would very much appreciate other people's recommendations on
> Greylisting or other approaches to reducing the load on my server by
> rejecting spam early.
> 
> Matthew
> 
> 



Re: Should I use greylisting

Posted by Jonas Eckerman <jo...@frukt.org>.
Steven W. Orr wrote:

> I'm running sendmail and I want a good greylist that uses a mysql 
> database.

My selective greylist implementation uses MySQL or SQLite, but it is implemented in a MIMEDefang filter so if you don't use MIMEDefang you might not find it useful. It's at <http://whatever.frukt.org/mimedefangfilter.text.shtml>.

Regards
/Jonas
-- 
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/


Re: Should I use greylisting

Posted by "Chris St. Pierre" <st...@NebrWesleyan.edu>.
"Steven W. Orr" <st...@syslang.net> wrote:

> I'm running sendmail and I want a good greylist that uses a mysql
> database. There are all sorts of things out there but they're not
> dbms based.

Relaydelay (http://projects.puremagic.com/greylisting/downloads.html)
is the only Sendmail greylister I know of that uses MySQL.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
----------------------------
Never send mail to thobrux@nebrwesleyan.edu


Re: Should I use greylisting

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
On Thu, 25 Jan 2007 11:56:47 -0500 (EST)
"Steven W. Orr" <st...@syslang.net> wrote:

> On Thursday, Jan 25th 2007 at 12:49 -0000, quoth --[ UxBoD ]--:
> 
> =>Check out http://policyd.sourceforge.net/ then as it allows you to
> =>specify Servers/IP that should not be greylisted. Works very well.
> =>
> 
> I know this is the wrong place to discuss this, but since I didn't
> start it, I'm taking advantage. The policyd link above is for
> postfix. What I'd like doesn't seem to exist that I know of, and I'd
> like to know if someone maybe has a pointer.
> 
> I'm running sendmail and I want a good greylist that uses a mysql 
> database. There are all sorts of things out there but they're not
> dbms based.
> 
> Anyone?
> 

try here :- http://www.greylisting.org/



Re: Should I use greylisting

Posted by "Steven W. Orr" <st...@syslang.net>.
On Thursday, Jan 25th 2007 at 12:49 -0000, quoth --[ UxBoD ]--:

=>Check out http://policyd.sourceforge.net/ then as it allows you to
=>specify Servers/IP that should not be greylisted. Works very well.
=>

I know this is the wrong place to discuss this, but since I didn't start
it, I'm taking advantage. The policyd link above is for postfix. What I'd 
like doesn't seem to exist that I know of, and I'd like to know if someone 
maybe has a pointer.

I'm running sendmail and I want a good greylist that uses a mysql 
database. There are all sorts of things out there but they're not dbms 
based.

Anyone?

Re: Should I use greylisting

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
Check out http://policyd.sourceforge.net/ then as it allows you to
specify Servers/IP that should not be greylisted. Works very well.

On Thu, 25 Jan 2007 12:33:19 -0000
"Matthew Bickerton" <ma...@gmail.com> wrote:

> Hi,
> 
> I am setting up a new server, so have a chance to make big changes to
> my email server.
> 
> I have been thinking about implementing Greylisting. However, I am
> worried about blocking/long delays with e-mails from mail farms
> (gmail, yahoo etc.)
> 
> I would very much appreciate other people's recommendations on
> Greylisting or other approaches to reducing the load on my server by
> rejecting spam early.
> 
> Matthew
> 
> 
