[Fwd: [Computer-support] Greylisting - one day after]

Hi Folks,

This might be of interest to NZNOG members -- we have just implemented grey listing for some addresses and the results have been dramatic to say the least...

Russell

-------- Original Message --------
Subject: [Computer-support] Greylisting - one day after
Date: Thu, 16 Nov 2006 10:50:26 +1300
From: Bojan Zdrnja <b.zdrnja(a)auckland.ac.nz>
To: Computer Support <computer-support(a)list.auckland.ac.nz>

Hi All,

Yesterday at 12:00 (mid day) I enabled greylisting on our e-mail cluster. At the moment we are greylisting only machines that don't have reverse DNS entries, or match one of our predefined name regular expressions (these are matching on modem/dialup/cable/adsl machines).

The results of this have been amazing - we are seeing a dramatic decrease in processed spam (almost 10 times!). I'm hoping that you are seeing effects of this in your mailboxes as well - there should be overall less spam (marked and unmarked).

I'm attaching two graphs that are showing this. The first graph (total-messages.PNG) shows total messages received after I turned on greylisting. Green are legitimate messages, blue is spam, red are infected messages. The second graph (CPU-groucho.PNG) shows CPU utilization on groucho (smtpa - the first SMTP machine). For some reason spammers like to hit this machine the most so you can see the last 7 days.

Now, this works great at the moment but spammers will adapt and improve their software. My wild guess is that this will help for maybe 6 months to a year, but it will definitely give us some time to prepare for future spam waves.

Bojan

We've had similar spectacular results where I work (no pretty graphs to prove it though!).

However, we're spending a fair bit of time on whitelisting, and on education along the lines of "no, email is not instantaneous and never has been". We're also having significant issues with some of our UK branches because we're not at work when they are and can't respond in a timely fashion to their whitelisting requirements when they arise, and in fact today we have caved in and have completely bypassed greylisting for all their incoming email.

Note also that you need to whitelist Xtra and Google - neither of which appear in the published "standard" whitelist. (Well, some of the many Google relays are listed, but they're commented out.)

On Thu, 2006-11-16 at 11:28 +1300, Russell Fulton wrote:
Hi Folks, This might be of interest to NZNOG members -- we have just implemented grey listing for some addresses and the results have been dramatic to say the least...
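An added example, not part of the original messages and not the configuration of either site: a minimal sketch of the selective greylisting described in this thread, where only hosts with no reverse DNS or a dialup/cable/adsl-style name are deferred, and whitelisted relays bypass the check. The name patterns, the whitelist range, the delay values and all function names are assumptions.

```python
import ipaddress
import re
import time

# Assumed patterns for consumer/dynamic PTR names; the real list is not on the page.
DYNAMIC_PTR = re.compile(r"(dial-?up|modem|cable|adsl|dhcp|dynamic|ppp)", re.I)
# Constructed whitelist (TEST-NET-1) standing in for relays that must bypass greylisting.
WHITELIST_NETS = [ipaddress.ip_network("192.0.2.0/24")]

RETRY_MIN = 300          # assumed: seconds before a retry of a new triplet is accepted
TRIPLET_TTL = 36 * 3600  # assumed: a pending triplet expires if never retried in time

def should_greylist(client_ip, ptr_name):
    """Selective policy: defer only whitelisted-exempt, no-rDNS or dynamic-looking hosts."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in WHITELIST_NETS):
        return False
    if ptr_name is None:          # no reverse DNS entry at all
        return True
    return bool(DYNAMIC_PTR.search(ptr_name))

class Greylist:
    def __init__(self):
        # (client_ip, mail_from, rcpt_to) -> time of first delivery attempt
        self.first_seen = {}

    def check(self, client_ip, ptr_name, mail_from, rcpt_to, now=None):
        """Return the SMTP reply to give at RCPT TO time."""
        now = time.time() if now is None else now
        if not should_greylist(client_ip, ptr_name):
            return "250 OK"
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > TRIPLET_TTL:
            self.first_seen[key] = now   # new or expired triplet: start the clock
            return "451 4.7.1 Greylisted, try again later"
        if now - seen < RETRY_MIN:
            return "451 4.7.1 Greylisted, try again later"
        return "250 OK"                  # a real MTA retried after the delay
```

A sender that queues and retries gets through on the second attempt, which is why legitimate mail is delayed rather than lost and why senders that retry from many different addresses end up needing whitelist entries.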
participants (2): Lesley Walker, Russell Fulton