Re: [Exim] Greylisting -> only for not known spam or ham

Author: Marc MERLIN
Date:  
To: Alun
CC: Alan J. Flavell, Exim users list
Old-Topics: Re: [Exim] Greylisting + multiple MX hosts -> multiple attempts
Subject: Re: [Exim] Greylisting -> only for not known spam or ham
On Tue, Mar 23, 2004 at 09:35:25AM +0000, Alun wrote:
> We've been running with greylisting in this form since mid September
> and we've had less than 20 complaints about failed legitimate mail (all
> due to bizarre retry behaviour at the other end or ancient, broken MTAs).
> I estimate it's dropped the amount of spam we receive by 85-90%.


I know I announced it recently, but considering the amount of mail here,
some of you may have missed my comments about this, and the SA-Exim
greylisting code that tries to address that.

It seems that greylisting should really be done as a last resort thing
when you're not sure whether you're dealing with spam or ham.

This is what SA-Exim's greylisting implementation does (with SA's help,
most of the greylisting code is actually inside SA, not SA-Exim).

Non spam flows right through (even though it does seed the greylist pool so
that if a spammish mail comes from the same place later, its score can be
dropped somewhat due to the tuplet (env from/env to/connect-ip) being
whitelisted).

You can find more details here:
http://marc.merlins.org/linux/exim/files/sa-exim-current/README.greylisting
http://marc.merlins.org/linux/exim/sa.html

Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@??? for PGP key
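
A simplified model of the policy described in the message above, added here as an illustration; it is not SA-Exim's or SpamAssassin's code. The thresholds, the score reduction, the retry delay and the names `Greylist`, `decide` and `demo` are assumptions, since the message gives none of them.

```python
import time

# Assumed values for illustration; the message gives no thresholds or timings.
HAM_BELOW = 2.0        # below this score the mail is treated as non-spam
SPAM_AT = 12.0         # at or above this score the mail is treated as known spam
WHITELIST_BONUS = 3.0  # score reduction when the tuple is already whitelisted
MIN_DELAY = 300        # seconds before a retry of a greylisted tuple is accepted


class Greylist:
    """Hypothetical in-memory model; a real deployment would persist this state."""

    def __init__(self):
        self.whitelisted = set()  # tuples that sent ham or retried after the delay
        self.first_seen = {}      # tuple -> time of the first tempfail

    def decide(self, env_from, env_to, connect_ip, score, now=None):
        now = time.time() if now is None else now
        key = (env_from, env_to, connect_ip)
        known = key in self.whitelisted
        if known:
            score -= WHITELIST_BONUS      # earlier good mail lowers the score
        if score < HAM_BELOW:
            self.whitelisted.add(key)     # ham flows through and seeds the pool
            return "accept"
        if score >= SPAM_AT:
            return "reject"               # known spam is never greylisted
        if known:
            return "accept"               # uncertain, but the tuple already passed
        first = self.first_seen.setdefault(key, now)
        if now - first >= MIN_DELAY:
            self.whitelisted.add(key)     # sender retried like a real MTA
            return "accept"
        return "tempfail"                 # uncertain and unknown: ask for a retry


def demo():
    # Constructed sample traffic (documentation addresses and IP ranges).
    g = Greylist()
    seeded = ("alice@example.org", "bob@example.net", "192.0.2.10")
    fresh = ("news@example.com", "bob@example.net", "198.51.100.7")
    return [
        g.decide(*seeded, score=0.5, now=0),    # ham: accepted, tuple seeded
        g.decide(*seeded, score=4.0, now=10),   # spammish, score drops to 1.0
        g.decide(*fresh, score=4.0, now=0),     # uncertain, unknown tuple
        g.decide(*fresh, score=4.0, now=60),    # retried too early
        g.decide(*fresh, score=4.0, now=400),   # retried after the delay
        g.decide(*fresh, score=20.0, now=500),  # 17.0 after bonus: still spam
    ]
```

Only mail in the uncertain score band from an unknown tuple is ever delayed; clear ham and clear spam get their verdict on the first attempt.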