I have been playing around with greylisting recently on a couple of test domains and it works pretty well (reduces the number of spam coming from malwared machines who don't retry sending their spam by over 90% before any spam checkers get to it), but I've noticed a number of real mail NZ servers not knowing what a 451 SMTP message is, and they treat it like a fail and they don't send the message again. (Yes I know I can whitelist good known NZ SMTP Serversto not Greylist from them) If anyone else has tried greylisting before , or has any comments on it, let me know. Thanks Craig
Hi, Craig Whitmore wrote:
If anyone else has tried greylisting before , or has any comments on it, let me know.
Yeah, we're doing it here and have had to whitelist a number of servers
that we frequently correspond with for buisness. Mostly the reason is
for timelyness of incoming email.
I have wound the greylist time down to 1 minute but have seen some mail
servers not try a second attempt for more than 48 hours!
On the whole I think it is still a net win and with a bit of
whitelisting you can keep the users happy.
--
Chris Edsall PGP KeyID 873A97AB
Craig Whitmore wrote:
If anyone else has tried greylisting before , or has any comments on it, let me know.
There are basically too many broken "legitimate" sending SMTP servers i.e. won't retry for 4hrs+ etc. This will cause you major issues with regards to "but I sent your boss an email hours ago" and so on. Depends on what environment your recieving mail for etc. Cheers, James. p.s. this list not setting the reply-to feild is really annoying.
On 13-Feb-2006, at 19:22, James Clark wrote:
p.s. this list not setting the reply-to feild is really annoying.
On Tue, 14 Feb 2006, Craig Whitmore wrote:
If anyone else has tried greylisting before , or has any comments on it, let me know.
Personally I find greylisting a pain. I am subscribed to a couple of lists that use it and it's annoying when my reply to the list takes half an hour to get through instead on 2 minutes. One important thing to watch for is that for larger sites the server that first tries to send your email might not be the one that tries to resend it later. Greylisting sites will thus block the email for a while until the sending site gets lucky and uses the same machine twice in a row. Generating random error messages to sending sites is just asking for trouble IMHO. You really can't determine exactly they will act and how long they will take to retry to send the message. Any delay is 100% your fault although most people using greylisting seem keen to push the blame to the sending site. It's the equivalent of ignoring someone when they first email/call you and saying "If it's important they'll ring back" . Not very polite and possibly not providing the best service to customers. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.
Personally I find greylisting a pain. I am subscribed to a couple of lists that use it and it's annoying when my reply to the list takes half an hour to get through instead on 2 minutes.
Yes the delay in getting in the anoying part, BUT if people are aware of this (opt-in). then greylisting DOES reduce the amount of spam coming in a lot. (Without the expensive virus/spam filtering). Thanks Craig
Simon Lyall wrote:
It's the equivalent of ignoring someone when they first email/call you and saying "If it's important they'll ring back" . Not very polite and possibly not providing the best service to customers.
You'd be surprised how effective this method is for avoiding unwanted phone calls. I extend the system to people talking to me face to face as well. Some people don't retry, but generally it's not a problem =) I use greylisting and the only time I've found it to be a problem is when the device sending the email was not designed to retry (cellphone), or when you need the email straight away (sign up emails to get passwords). On the whole though I'm pretty happy with it. The delay is a good excuse to get those OOS busting microbreaks in, or heaven forbid, a walk in the big blue room. Dean
Hi Craig,
If anyone else has tried greylisting before , or has any comments on it, let me know.
FYI, here's some stats on the delay times. The first graph is the
shortest 500 (of 761) messages. The X-axis is delay time in minutes. The
second graph shows all the messages including the troublesome servers.
5, 15 and 20 minutes look like popular retry times.
This was before I started whitelisting.
--
Chris Edsall PGP KeyID 873A97AB
On Tue, Feb 14, 2006 at 01:10:29PM +1300, Craig Whitmore said:
I have been playing around with greylisting recently on a couple of test domains and it works pretty well (reduces the number of spam coming from malwared machines who don't retry sending their spam by over 90% before any spam checkers get to it), but I've noticed a number of real mail NZ servers not knowing what a 451 SMTP message is, and they treat it like a fail and they don't send the message again. (Yes I know I can whitelist good known NZ SMTP Serversto not Greylist from them)
If anyone else has tried greylisting before , or has any comments on it, let me know.
We've been using greylisting here for the last six months, and it's made a huge difference to the amount of noise that the downstream spam filters have to deal with. I've had to whitelist one external mail server, and a couple of internal ones, but all in all, I'm well pleased with the results. It's particularly useful to have running over mailman owner addresses to reduce the crap that arrives there. I would set your timeout to be really low - 15 seconds would be as effective as 30 minutes, as far as I can see. Cheers Si
Simon Blake wrote:
We've been using greylisting here for the last six months, and it's made a huge difference to the amount of noise that the downstream spam filters have to deal with. I've had to whitelist one external mail server, and a couple of internal ones, but all in all, I'm well pleased with the results. It's particularly useful to have running over mailman owner addresses to reduce the crap that arrives there.
I would set your timeout to be really low - 15 seconds would be as effective as 30 minutes, as far as I can see.
Greylisting does seem to work - the only problems I've had have been with Gmail not waiting long enough, and handheld devices running Windows Mobile 2003 and 5 timing out because they think the connection's down (probably a design feature that). Easy enough to fix though. It seems particularly good for dealing with virus-generated spam. -- Juha
Greylisting does seem to work - the only problems I've had have been with Gmail not waiting long enough, and handheld devices running Windows Mobile 2003 and 5 timing out because they think the connection's down (probably a design feature that). Easy enough to fix though.
It seems particularly good for dealing with virus-generated spam.
I think you are thinking of teergrubbing. Delaying the connection answering or replying.. Teergrubbing is also a good Anti-Spam feature. Thanks Craig
On 15/02/06, Simon Blake
We've been using greylisting here for the last six months, and it's made a huge difference to the amount of noise that the downstream spam filters have to deal with. I've had to whitelist one external mail server, and a couple of internal ones, but all in all, I'm well pleased with the results. It's particularly useful to have running over mailman owner addresses to reduce the crap that arrives there.
I would set your timeout to be really low - 15 seconds would be as effective as 30 minutes, as far as I can see.
Is there a wiki or something somewhere listing 'optimisations' for NZ. ie. Which servers need to be whitelisted. -- Nicholas Lee http://stateless.geek.nz gpg 8072 4F86 EDCD 4FC1 18EF 5BDD 07B0 9597 6D58 D70C
Nicholas Lee wrote:
On 15/02/06, Simon Blake
wrote: We've been using greylisting here for the last six months, and it's made a huge difference to the amount of noise that the downstream spam filters have to deal with. I've had to whitelist one external mail server, and a couple of internal ones, but all in all, I'm well pleased with the results. It's particularly useful to have running over mailman owner addresses to reduce the crap that arrives there.
I would set your timeout to be really low - 15 seconds would be as effective as 30 minutes, as far as I can see.
Is there a wiki or something somewhere listing 'optimisations' for NZ. ie. Which servers need to be whitelisted.
The Wlug wiki has some of this kind of random operational data in it, feel free to add a page in there somewhere about it. ( http://www.wlug.org.nz/Whitelisting ) ?
participants (10)
-
Chris Edsall
-
Craig Whitmore
-
Dean Pemberton
-
James Clark
-
Joe Abley
-
Juha Saarinen
-
Nicholas Lee
-
Perry Lorier
-
Simon Blake
-
Simon Lyall