Hi Folks,
This might be of interest to NZNOG members -- we have just
implemented grey listing for some addresses and the results have been
dramatic to say the least...
Russell
-------- Original Message --------
Subject: [Computer-support] Greylisting - one day after
Date: Thu, 16 Nov 2006 10:50:26 +1300
From: Bojan Zdrnja
To: Computer Support
Hi All,
Yesterday at 12:00 (mid day) I enabled greylisting on our e-mail
cluster. At the moment we are greylisting only machines that don't have
reverse DNS entries, or match one of our predefined name regular
expressions (these are matching on modem/dialup/cable/adsl machines).
The results of this has been amazing - we are seeing a dramatic decrease
in processed spam (almost 10 times!). I'm hoping that you are seeing
effects of this in your mailboxes as well - there should be overall less
spam (marked and unmarked).
I'm attaching two graphs that are showing this.
The first graph (total-messages.PNG) shows total messages received after
I turned on greylising. Green are legitimate messages, blue is spam, red
are infected messages.
The second graph (CPU-groucho.PNG) shows CPU utilization on groucho
(smtpa - the first SMTP machine). For some reason spammers like to hit
this machine the most so you can see last 7 days.
Now, this works great at the moment but spammers will adapt and improve
their software. My wild guess is that this will help for maybe 6 months
to a year, but it will definitely give us some time to prepare for
future spam waves.
Bojan
