RE: [exim] Greylisting

Author: WJCarpenter
Date:  
To: Exim Users Mailing List
Subject: RE: [exim] Greylisting
mp> I really haven't looked into greylisting yet - but I've seen the
mp> term. So - how does it work? I had the idea that it slowed down
mp> delivery until you are trusted or something? So - you really like
mp> it do you?


In the arms race that is spam today, there is seldom any news that is
both good and dramatic. Well, greylisting is very good news. The bad
news is that someday the spammers will figure out how to get around
greylisting (it's not too hard), but in the meantime it's like having
a bad cold for a long time and suddenly waking up feeling great one
day.

You can search around for "greylisting" (usually spelled with an "e"),
but the two usual starting places for it are:

http://projects.puremagic.com/greylisting/
http://www.greylisting.org

In a nutshell, greylisting exploits the fact that most spam and email
viruses are sent by quasi-retarded software on compromised computers
all over the world. In contrast to real SMTP servers, the spambot
software does a lot of goofy things that aren't up to spec. One thing
in particular that someone noticed is that they don't usually retry in
the face of errors. Spambots by and large never retry (or they
immediately retry [no delay at all] a couple of times and then give
up). There are lots of special cases, so go to those URLs and read
about it.

Greylisting keeps track of triplets of (recipient address, sender
address, sending IP address). For a new combination, the SMTP server
gives 4xx temporary failure for some small period (like an hour or 5
minutes or whatever). After that small period, recipient validation
moves past the greylisting stage to whatever else you have. You keep
the records around for a while so that subsequent messages involving
the same triplet aren't delayed at all. In the best case, it's only
the first message from a new correspondent that gets delayed a little
bit.

One bummer is that greylisting doesn't help at all with autoforwarded
spam, bounce-back spam, and spam being sent by a real SMTP server for
whatever reason. There's plenty of that around, but it's a small
percentage of the spam traffic knocking on my door.

There's all kinds of skepticism about greylisting because it's pretty
easy to see how to overcome it.  However, in the short term (who knows
how short), it's nothing short of "freaking fantastic" (YMMV :-).  For
my personal mail flow, which includes all the postmaster and generic
stuff, it changed overnight from 500-600 spam and virus emails per day
to on the order of a dozen or so.  The turnback rate for my users
varies widely; the higher the volume, the more likely they are to have
a high percentage of spam (at my site anyhow).  I would estimate that
I'm running SpamAssassin only 10-15% of what I used to run.  It's very
relaxing on my box right now.
-- 
bill-exim@??? (WJCarpenter)    PGP 0x91865119
38 95 1B 69 C9 C6 3D 25    73 46 32 04 69 D6 ED F3
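To make the triplet mechanism described in the message concrete, here is an added simulation of the greylisting decision (not code from the post or from Exim). The sender, recipient, IP address, the 5-minute grey window and the record lifetimes are constructed assumptions; it replays a retrying MTA and a non-retrying spambot against the same table.

```python
GREY_DELAY = 300            # seconds a new triplet is deferred (the post's "5 minutes")
UNCONFIRMED_TTL = 8 * 3600  # forget triplets that never come back (spambots seldom do)
RECORD_TTL = 35 * 86400     # keep triplets that passed so later mail is not delayed


class Greylist:
    """Tracks (sender, recipient, sending IP) triplets as described above."""
    def __init__(self):
        self.records = {}  # triplet -> {"first": ts, "last": ts, "passed": bool}

    def check(self, sender, recipient, ip, now):
        """Return 'defer' (answer 4xx) or 'accept' for one delivery attempt at time now."""
        key = (sender.lower(), recipient.lower(), ip)
        self._expire(now)
        rec = self.records.get(key)
        if rec is None:
            # First time we see this triplet: record it and ask the sender to retry later.
            self.records[key] = {"first": now, "last": now, "passed": False}
            return "defer"
        rec["last"] = now
        if rec["passed"] or now - rec["first"] >= GREY_DELAY:
            # Either already known-good, or the sender waited out the grey window.
            rec["passed"] = True
            return "accept"
        return "defer"  # retried too soon; still inside the grey window

    def _expire(self, now):
        # Drop unconfirmed triplets that never retried and stale confirmed ones.
        dead = [k for k, r in self.records.items()
                if (not r["passed"] and now - r["first"] > UNCONFIRMED_TTL)
                or (r["passed"] and now - r["last"] > RECORD_TTL)]
        for k in dead:
            del self.records[k]


def simulate(offsets, sender="alice@example.org", rcpt="bob@example.net", ip="198.51.100.7"):
    """Replay delivery attempts (seconds after the first) for one constructed triplet
    against a fresh greylist and return the verdict for each attempt."""
    gl = Greylist()
    base = 1_700_000_000  # arbitrary epoch timestamp for the first attempt
    return [gl.check(sender, rcpt, ip, base + t) for t in offsets]


if __name__ == "__main__":
    # Spec-compliant MTA: retries after its queue interval (15 min) and gets through.
    print("real MTA:", simulate([0, 900]))
    # Spambot: retries instantly a couple of times, then gives up; never gets through.
    print("spambot: ", simulate([0, 1, 2]))
```

Once a triplet has passed, later messages for it are accepted without delay until the record ages out.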