On Tue, Mar 23, 2004 at 10:22:04AM -0600, Edgar Lovecraft wrote:
> so why do the Greylisting Docs suggest such a long period of time before
> the accept??
> Ah well, greylisting is a nice idea, I have just not figured out what a
> good balance for its use would be yet, and I do not think that all email
> should be greylisted "just because".
> Not that I am trying to pick a fight by the way ;)
The longer delay is more to prevent a spammer who sends multiple
identical messages in a 20 minute period from triggering an automatic
whitelisting. It's not perfect by any means, but a properly
configured server should hopefully continue to retry even after the
initial hour, and the hour delay will prevent multiple messages in a
short period from being whitelisted inadvertently.

We implemented Greylisting for some of our administrative aliases,
and it works fairly well, but from a couple of months of observations,
I've found the following:

1. Don't use it on mailboxes that are mission critical. There are some
   mail servers out there that have their retry rules screwed up and
   may not retry often enough or long enough.

2. Be prepared to deal with delays on incoming mail from new sources.
   For example, if you went to a website you forgot the password to
   and ask them to email it to you, it will take an hour to get it
   at a minimum.

3. Some spam will still get through, either because they retry or
   because they send another message to you an hour or so later.

4. Be careful in the implementation so that your mail server isn't
   vulnerable to the state of your MySQL database. Doing queries
   to a remote database in a high-volume mail environment isn't ideal.

All in all, Greylisting is a good last resort, but it's really a
desperate hack that works somewhat well if you don't mind the downsides.
--
Dean Brooks
dean@???
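
Added example, not part of the original message and not code from any greylisting package: a minimal greylisting decision that applies the one-hour delay, skips a mission-critical mailbox (point 1), and accepts mail when the database is unavailable (point 4). It assumes the usual (client IP, envelope sender, recipient) triplet; sqlite3 stands in for the MySQL store, and the addresses, table name and function names are constructed for illustration.

```python
import sqlite3

MIN_DELAY = 3600  # seconds; the one-hour delay discussed in the thread
EXEMPT = {"oncall@example.org"}  # constructed: mission-critical, never greylisted


def open_store(path=":memory:"):
    """Create the triplet table (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS grey (ip TEXT, sender TEXT, rcpt TEXT, "
        "first_seen INTEGER, PRIMARY KEY (ip, sender, rcpt))"
    )
    return db


def check(db, ip, sender, rcpt, now):
    """Return 'accept' or 'tempfail' for one delivery attempt at time `now`."""
    if rcpt.lower() in EXEMPT:
        return "accept"
    try:
        row = db.execute(
            "SELECT first_seen FROM grey WHERE ip=? AND sender=? AND rcpt=?",
            (ip, sender, rcpt),
        ).fetchone()
        if row is None:
            # First sighting of this triplet: record it and defer the sender.
            db.execute("INSERT INTO grey VALUES (?,?,?,?)", (ip, sender, rcpt, now))
            db.commit()
            return "tempfail"
        # Retries inside the delay window do not earn acceptance, so a burst
        # of identical messages within 20 minutes is still deferred.
        return "accept" if now - row[0] >= MIN_DELAY else "tempfail"
    except sqlite3.Error:
        # Fail open: the state of the database must not stop mail delivery.
        return "accept"


if __name__ == "__main__":
    db = open_store()
    triplet = ("192.0.2.10", "sender@example.com", "admin@example.org")
    for t in (0, 1200, 3600):  # first attempt, 20-minute retry, one-hour retry
        print(t, check(db, *triplet, now=t))
```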