Hi all,

One very effective but rarely implemented trick is to put in a 1 second delay before the SMTP greeting.
Botnets do not wait for 1 second, they post their whole spam in one shot. Then the mail server says it's ready and they've already gone. 1 second is not much of a delay, so no real risk of timeouts.

It's a nice alternative to greylisting. It gets rid of the botnets, which is what greylisting is really for. Greylisting is no use if the spam is coming from a real mail server.

We do use greylisting at Manukau Institute of Technology and it's great. No complaints from the users in almost 6 years.
We do it based on /24 ranges which is less of a problem than unique IPs and we have built up a large database.

We don't bounce based on SPF (unless specified in DMARC policy) as so many people have their SPF records set up incorrectly. We just mark as spam for that.

Best Regards,

Stephan Hughson | Technical Architect
Private Bag 94006, Manukau, Auckland 2241
p: 09 968 7611 | m: 027 568 7611 | w: manukau.ac.nz
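
The greeting delay described in the message above, sketched as an added example (not part of the original email and not the poster's mail server configuration): the server holds its 220 banner and treats any bytes that arrive first as an early talker. The function names, the hostname mx.example.test, the reply text and the sample client input are assumptions made for the illustration.

```python
import select
import socket

GREET_DELAY = 1.0  # seconds; the delay suggested in the message above

# Reply text and hostname are constructed for this example.
EARLY_REPLY = b"554 5.5.1 Protocol error: command sent before greeting\r\n"


def greet_with_delay(conn, delay=GREET_DELAY, hostname="mx.example.test"):
    """Hold the 220 banner for `delay` seconds.

    Returns True if the banner was sent, False if the client spoke
    (or hung up) before the server had greeted it.
    """
    # A well-behaved SMTP client waits for the greeting, so the socket
    # should stay silent for the whole delay.
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        # Peek so an empty read (peer closed) is told apart from early data.
        if conn.recv(1, socket.MSG_PEEK):
            conn.sendall(EARLY_REPLY)
        return False
    conn.sendall(f"220 {hostname} ESMTP\r\n".encode("ascii"))
    return True


def simulate(behaviour, delay=0.2):
    """Run one constructed client against greet_with_delay over a socketpair."""
    server, client = socket.socketpair()
    with server, client:
        if behaviour == "early":
            # Constructed input: a client that pipelines without waiting.
            client.sendall(b"EHLO bot.example.test\r\nMAIL FROM:<a@example.test>\r\n")
        accepted = greet_with_delay(server, delay)
        return accepted, client.recv(512)


if __name__ == "__main__":
    for behaviour in ("patient", "early"):
        print(behaviour, simulate(behaviour))
```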


From: nznog-bounces@list.waikato.ac.nz [nznog-bounces@list.waikato.ac.nz] on behalf of Glen Eustace [geustace@godzone.net.nz]
Sent: Wednesday, 5 April 2017 3:08 p.m.
To: Damian Kissick
Cc: nznog@list.waikato.ac.nz
Subject: Re: [nznog] Xtra and SPF


On 5/04/2017, at 2:21 PM, Damian Kissick <me@damo.net.nz> wrote:

Personally the only thing I really find of use in my mail stack is grey listing, for stopping spam.  I've just about stripped the rest out and just let people deal with the noise as they see fit.


I'm actually surprised you are finding greylisting still useful.


Our experience matches Don's.  We are still finding greylisting the most effective tool in dealing with spam.  I agree that it may not continue to be so but I haven't seen anything yet that we might use instead.

Glen