On Tuesday 23 January 2007 11:20 am, Roger E. Rustad, Jr. wrote: > Before I implement greylisting, I wanted to get 909 feedback.
While we haven't implemented Greylisting yet in the SpamBlocker DirectAdmin exim.conf file, we're getting closer... (http://www.directadmin.com/forum/showthread.php?t=16480) ...it'll most likely be in in SpamBlocker4, perhaps in SpamBlocker3.x. (SpamBlocker is my name for the exim.conf file I've written for the DirectAdmin webhosting control panel.) > Does it have a pretty good success rate with limited false positives? Okay, what am I reading wrong? I don't understand the concept of false positives with greylisting. I'm looking at either greylisting by IP# or by sender-receiver pair. Everyone gets blocked the first time. Then when they retry, they get accepted. So everyone gets delayed the first time they send. Do you call that a 100% positive rate? Then depending on how long you keep the database the senders don't get blocked anymore, until the IP#s age out. > How well does it work alone? Based on anecdotal evidence it works better than any other method, as spammers just don't resend (or even follow up on what doesn't get delivered). If spammers cared about their rejects (greylisting is a temporary reject) then our blocklists with whitelists (we've been using them for several years) wouldn't work. We've always allowed any sender to be whitelisted, and we've never had to automate the whitelist procedure; we've never (for over a thousand domains) have had to whitelist more than ten addresses in a week. And as far as we can tell, no spammer has ever applied. Based on all of that, our implementation of greylisting will work (for domains that opt-in) on all senders all the time. > And how well does it work when coupled with other proven spam fighting > techniques? Again, this is anecdotal evidence (we work rather closely with one of the major spam-filtering organizations, and they also use exim), it brings down the load from SpamAssassin that you can actually use it again <smile>. (Note that we do not recommend using SpamAssassin; it's gotten close to worthless because most organized spammers tweak their emails over and over again, against the latest SpamAssassin rulesets, before putting the spam into the wild.) > I've been skimming through the projects on this URL > > http://projects.puremagic.com/greylisting/links.html > > (and paying special attention to this Exchange 2003 project: > http://www.grynx.com/projects/greylist/) I can't speak for exchange; we're a linux house. You can see from my answers, and from the posts in my link above, that there's a bit of misunderstanding how greylisting works. But it works. Well. And there's even a method that doesn't require anything at all on your server (but merely that you have knowledge of [it doesn't have to be yours] a standard Internet routable IP# that's dead and that will remain dead: 1) Make sure your lowest-cost mx record is at least 1 (if you got a zero cost record, change it) 2) Make an mx record of 0 (zero cost) pointing to the IP# that's legal but never answers (dead, completely, not just blocked). Testing over several weeks shows that this appears to work very well, because all known MTAs (yes, even qmail, which otherwise disobeys every rule in the book) will try quickly at the next mx record if the lowest-cost one fails to answer at all. Anti-spam is a particular passion of mine; we even get angry at vendors at shows who scan our business card into Goldmine. (Yes, we avoid false positives, we give out cards especially printed for shows, with special email addresses on them.) I'll be very happy to help you get rid of spam in an open-source way. Free as in beer; Free as in speech. <smile> Jeff -- Jeff Lasman, Nobaloney Internet Services 1254 So Waterman Ave., Suite 50, San Bernardino, CA 92408 Our jplists address used on lists is for list email only Phone +1 909 266-9209, or see: "http://www.nobaloney.net/contactus.html";
