For what it's worth, I agree. Graylisting was designed to stop spam coming from spambots on infected home PCs -- because they're not "real" mail servers, they won't retry their deliveries. But the rDNS and blacklist filters seem to stop almost all deliveries from home PCs these days, so graylisting almost becomes redundant. (It's always fascinated me that the authors of those spambots didn't implement a retry feature -- it would have been so simple to do...)
It seems to me the most "effective" spam these days is coming from compromised email accounts -- a spammer gets someone's password and pumps thousands of messages through their mail server with the user's credentials. I've added some additional filters to spamdyke's next version to limit allowed sender addresses after authentication -- the address can be required to exactly match the authentication username or just the domain can be required to match. Next version coming Real Soon Now(tm)! :) -- Sam Clippinger On Nov 23, 2013, at 10:39 AM, Eric Shubert wrote: > On 11/23/2013 09:05 AM, BC wrote: >> >> On 11/23/2013 8:55 AM, Eric Shubert wrote: >>> Having said that, I've come to the conclusion that graylisting isn't >>> worth it to me. I disabled graylisting several months ago, and haven't >>> really noticed any less effectiveness. Measuring the effectiveness of >>> graylisting properly is very difficult, and it's a pain for users >>> (myself included) at times. With all of the other filters spamdyke >>> provides, I don't think the cost of graylisting is worth the benefit. Of >>> course, YMMV. >> >> Curious you bring that up. In perusing the logs, it (very subjectively) >> looks like r_dns lookups are blocking 95% of the spam, RBL is getting >> about 4% and graylisting is only being invoked about 1% of the time. > > That feels about right to me, again very subjectively. The tough part > about measuring graylisting is that of the 1% of the times it's invoked > how many were spam? It's pretty hard to tell. I don't know of anyone > who's measured this accurately. > > I suppose the pruning script could be modified (quite easily in fact) to > give a count of how many empty files it removed. I think that would be > an accurate measure. I'm a little surprised I didn't think of that the > last time I edited the script. I'll see about making that change when I > put the script in the spamdyke rpm (and on github). > >> But what is the "cost of graylisting"? Graylisting delays a legit email >> by X amount of minutes. Is that the pain of which you are talking? >> > > Yes. I realize that the impact of the delay is infrequent, but when it > happens, it's really annoying, and it impacts productivity. In my case, > it usually happens when an email confirmation or notification of some > sort is required to do something. This is the absolute worst time for > there to be a delay, as it interrupts that process. > > As a user, I was very happy to have graylisting turned off. As an email > administrator, I am tired of trying to explain how delaying delivery of > email is necessary to help reduce spam. Graylisting is simply not a good > solution because of the negative impact on the users. > > -- > -Eric 'shubes' > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
