“This tutorial will show you how to set up greylisting with Postgrey and Postfix on Debian. Greylisting will not replace spam filtering software like SpamAssassin but it will serve as a powerful first hurdle for spam thus reducing the amount of spam entering the system at all.”
The spammers have already figured out greylisting.
And, of course, their solution only makes things worse: they simply retry randomly several times.
That means that not only will the greylisting not keep you from getting spam, but now you’re more likely to get multiple copies of the same spam.
I have great success with greylisting. Most of the spam I get these days is from valid mail servers sending mail from insecure forms that allow bcc injection.
“And, of course, their solution only makes things worse: they simply retry randomly several times.”
I use SQLGrey and other small stuff with Postfix (for example policyd weight) and when the spammers connect too fast, then they either get temporarily blocked or get penalties because they are retrying too fast.
I never ever got spam mails delivered multiple times because of the spammers trying to work around greylisting.
Be patient, it’ll happen. The spammers don’t try quickly, by the way, they do use backoff algorithms.
Pacbell/SBC/AT&T started greylisting a while back, and my spam to my pacbell account went down dramatically. About three months ago it started going up again and sure enough the duplicates started rolling in.
That particular account is annoying because I have never used that email address anywhere for anything, but between pacbell having sold their mailing lists a few times, pacbell having accidentally given away their mailing lists more than a few times, and pacbell being big enough to be a target for dictionary construction spammers, it gets more spam than all of my other email accounts put together.
Well… for filtering spam, I use DSPAM. I have yet to see something as flexible as DSPAM. Greylisting is only one small part against spam.
What gets over all the stuff I have implemented against spam entering the system gets filtered by DSPAM.
For me, I can say that I have no spam problem at all.
I tried Postgrey for a few weeks on our shared server, but I found it too costly to maintain. There are just too many incorrectly configured or broken mail servers out there for me to start a crusade. Not when my customer satisfaction level drops for over a week.
After configuring it, I spent most of my days carefully monitoring the logs for false positives that never returned the call, adding their server pools to whitelists and treating customer complaints. No matter Postgrey’s timeout or status code configuration.
I now use the Spamhaus and DSBL blacklists. They cut back the spam received dramatically and best of all: not a single complaint yet. Con is that it does let more ADSL-sent spam through than Postgrey. Pro is that unlike with Postgrey, known “smart” spammers get blocked too.
Greylisting? No thanks. Blacklisting? Yes please.
Blacklisting is not what it used to be. Today a spammer registers a domain for only several days and blacklisting is not fast enough to catch newly registered domains.
I just read an article where IronPort said that from the 35 million registered domains in April 2006 only about 3 million were used and the other 32 million were canceled in the next 5 days.
Blacklisting is failing to catch up with that fast canceling rate, but greylisting is perfectly suited for that task.
Don’t forget that IronPort uses such claims as a marketing instrument. The blacklists (can) work off an IP-listing. Shared hosts that take spammers as customers are hence encouraged to maintain a strong abuse policy.
Fact remains that Postgrey dropped too many e-mail messages to be perfectly suited for any task.
I want to be able to greylist not based on the triplet of sender email address, sender IP address, and recipient email address, but rather:
Sender email address domain, sender IP address without regard to the last octet (the /24), and recipient email address domain. And if the IP address doesn’t match the /24, then check to see if the sending domain has an spf1 or spf2 record and allow the IP addresses stated in their mechanisms.
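The keying that the last comment asks for, sketched as an added example (not part of the original thread and not Postgrey's code). The 300-second delay, the `CoarseGreylist` and `spf_networks` names and the sample addresses are assumptions; SPF ranges are passed in already resolved, so no DNS lookup happens here.

```python
import ipaddress

DELAY = 300  # seconds before a retry is accepted (assumed value)

def domain(addr):
    """Domain part of an envelope address, lower-cased."""
    return addr.rsplit("@", 1)[-1].lower()

class CoarseGreylist:
    """Greylist keyed on (sender domain, client /24, recipient domain). IPv4 only."""

    def __init__(self, spf_networks, delay=DELAY):
        # spf_networks: hypothetical callable, domain -> list of ip_network
        # objects already resolved from that domain's SPF record.
        self.spf_networks = spf_networks
        self.delay = delay
        self.first_seen = {}  # (sender_domain, rcpt_domain) -> {network: first attempt}

    def check(self, sender, client_ip, rcpt, now):
        """Return "accept" or "defer" for one delivery attempt at time `now`."""
        ip = ipaddress.ip_address(client_ip)
        sdom = domain(sender)
        seen = self.first_seen.setdefault((sdom, domain(rcpt)), {})
        # 1. Same /24 as an earlier attempt: treat it as the same sender.
        times = [t for net, t in seen.items() if ip in net]
        if not times:
            # 2. Different /24: fall back to SPF. If the domain authorises this
            #    IP, inherit earlier attempts made from its other authorised ranges.
            spf = self.spf_networks(sdom)
            if any(ip in n for n in spf):
                times = [t for net, t in seen.items()
                         if any(net.overlaps(n) for n in spf)]
        # Record this /24 under the earliest attempt it is entitled to.
        net24 = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        first = min(times, default=now)
        seen.setdefault(net24, first)
        return "accept" if now - first >= self.delay else "defer"

# Constructed sample data (documentation address ranges, not real senders).
SPF = {"example.org": [ipaddress.ip_network("192.0.2.0/24"),
                       ipaddress.ip_network("198.51.100.0/24")]}

def demo():
    g = CoarseGreylist(lambda d: SPF.get(d, []))
    return [
        g.check("alice@example.org", "192.0.2.10", "bob@example.net", 0),      # first attempt
        g.check("news@example.org", "192.0.2.77", "carol@example.net", 400),   # same /24, other users
        g.check("alice@example.org", "198.51.100.5", "bob@example.net", 450),  # other /24, in SPF
        g.check("alice@example.org", "203.0.113.9", "bob@example.net", 500),   # other /24, not in SPF
    ]
```

Coarsening the key this way means one accepted retry vouches for every address at that sender domain from that /24 and from the domain's SPF ranges, so it defers less legitimate mail than the per-address triplet but also trusts more.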