On 11/29/12 14:46:25, David F. Skoll wrote:
We greylist after the end of DATA. This wastes bandwidth, but lets us
use the Subject: line as an additional mix in the greylisting tuple.
This catches ratware that retries in the face of greylisting, but
mutates the subject line with each retry.
We greylist after the end of DATA. This wastes bandwidth, but lets us
use the Subject: line as an additional mix in the greylisting tuple.
This catches ratware that retries in the face of greylisting, but
mutates the subject line with each retry.
We use grey listing on our low volume
On Mon, 2012-12-03 at 07:23 -0800, Gary Funck wrote:
Since this is a Spam Assassin list: Is there a way of disabling
grey listing, but still receiving some benefit from the principle
that mail received from a first time or infrequent sender should
be looked upon with some suspicion?
Yes. If
On Mon, 3 Dec 2012 07:23:59 -0800
Gary Funck wrote:
Since this is a Spam Assassin list: Is there a way of disabling
grey listing, but still receiving some benefit from the principle
that mail received from a first time or infrequent sender should
be looked upon with some suspicion?
On 11/29/2012 08:46 PM, David F. Skoll wrote:
[...]
Also, once a given IP passes greylisting, we remember that and we don't
greylist that server for 40 days. If you have a large-enough user population,
this can greatly mitigate the problems caused by initial greylisting delays.
Do you treat
On 11/29/2012 12:27, Andrzej A. Filip wrote:
On 11/29/2012 08:46 PM, David F. Skoll wrote:
[...]
Also, once a given IP passes greylisting, we remember that and we don't
greylist that server for 40 days. If you have a large-enough user population,
this can greatly mitigate the problems caused
Am 29.11.2012 20:46, schrieb David F. Skoll:
On Thu, 29 Nov 2012 14:36:45 -0500
vec...@vectro.org wrote:
I've never had any
complaints about delivery speed, but some senders have broken mail
servers that don't retry on receiving a temporary failure.
Many such servers use broken SMTP
On 11/29/2012 09:31 PM, Dave Warren wrote:
On 11/29/2012 12:27, Andrzej A. Filip wrote:
On 11/29/2012 08:46 PM, David F. Skoll wrote:
[...]
Also, once a given IP passes greylisting, we remember that and we don't
greylist that server for 40 days. If you have a large-enough user
population,
On Thu, 29 Nov 2012 21:27:19 +0100
Andrzej A. Filip andrzej.fi...@gmail.com wrote:
Do you treat yahoo like spam sources in the same way?
With respect to greylisting, of course. If a machine passes greylisting once,
it's extremely likely to pass it in future and it's an utter waste of
time to
On 11/29/2012 09:53 PM, David F. Skoll wrote:
On Thu, 29 Nov 2012 21:27:19 +0100
Andrzej A. Filip andrzej.fi...@gmail.com wrote:
Do you treat yahoo like spam sources in the same way?
With respect to greylisting, of course. If a machine passes greylisting once,
it's extremely likely to pass
On Thu, 29 Nov 2012 21:59:45 +0100
Andrzej A. Filip andrzej.fi...@gmail.com wrote:
Does greylisting increase chances of bulk detectors (razor/pyzor/dcc)
in case of yahoo like spam sources?
[ based on your experience ]
I suppose it might, but I don't use razor, pyzor, dcc or anything similar
I've never had any
complaints about delivery speed, but some senders have broken mail
servers that don't retry on receiving a temporary failure.
Many such servers use broken SMTP implementations that can't handle
a 4xx code in response to RCPT properly.
We greylist after the end of DATA.
Just wondering how many
boxes:
rcpt domains:
rcpt users:
you guys are sending through greylisting.
Axb
On Thu, 29 Nov 2012, David F. Skoll wrote:
On Thu, 29 Nov 2012 21:27:19 +0100
Andrzej A. Filip andrzej.fi...@gmail.com wrote:
Do you treat yahoo like spam sources in the same way?
With respect to greylisting, of course. If a machine passes greylisting
once, it's extremely likely to pass
On Thu, 29 Nov 2012 22:47:45 +0100
Axb axb.li...@gmail.com wrote:
boxes:
About 50 000
rcpt domains:
About 2000
rcpt users:
Lots. I don't have an exact figure.
you guys are sending through greylisting.
This is on our machines. Our larger customers have significantly
higher numbers.
Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in
case of yahoo like spam sources?
No. A remarkable fraction of ratware still doesn't bother to retry,
so the most simple minded greylister will deter them. That's why it's
useful. I've never seen any support for the theory
On Thu, 30 Nov 2012, John Levine wrote:
Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in
case of yahoo like spam sources?
No. A remarkable fraction of ratware still doesn't bother to retry,
so the most simple minded greylister will deter them. That's why it's
useful.
On Thu, 29 Nov 2012 18:01:38 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
It's not so much the host being blacklisted, as a checksum of the
spam being published by pyzor et. al., or for spamvertised websites
in the spam being published by URIBLs, so that when the sender tries
again the
On 11/29/2012 17:37, John Levine wrote:
Does greylisting increase chances of bulk detectors (razor/pyzor/dcc) in
case of yahoo like spam sources?
No. A remarkable fraction of ratware still doesn't bother to retry,
so the most simple minded greylister will deter them. That's why it's
useful.
On 11/29/2012 18:54, David F. Skoll wrote:
[My gut instinct says that a reasonable greylisting interval is too
short for most DNSBLs to react. Pyzor/Razor/DCC may be somewhat more
adept at reacting quickly.]
Something trap-driven like NIX is a candidate. No, it's not safe enough
to reject
On Tue, 17 May 2011 09:46:09 +0200
Per Jessen p...@computer.org wrote:
The main/only problem I have with greylisting are otherwise legit
servers that don't do retries - usually unpatched Exchange 2003
servers.
I've never seen any Exchange server of any version fail greylisting.
(Again, I do
David F. Skoll wrote:
On Tue, 17 May 2011 09:46:09 +0200
Per Jessen p...@computer.org wrote:
The main/only problem I have with greylisting are otherwise legit
servers that don't do retries - usually unpatched Exchange 2003
servers.
I've never seen any Exchange server of any version fail
On 5/17/2011 4:56 AM, Per Jessen wrote:
David F. Skoll wrote:
On Tue, 17 May 2011 09:46:09 +0200
Per Jessenp...@computer.org wrote:
The main/only problem I have with greylisting are otherwise legit
servers that don't do retries - usually unpatched Exchange 2003
servers.
I've never seen
On 19/01/11 15:02, David F. Skoll wrote:
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkiel...@dilkie.com wrote:
The second was that I've found that the other spam-catching filtering
is doing a much better job than it was years ago and turning off
greylisting didn't adversely affect the amount of
Hi, Steve,
http://www.fsl.com/index.php/resources/whitepapers/99
Interesting. I think you should credit me for this:
Once that has been proven then that â is exempted from further
greylisting for 40 days since it was last seen.
Our CanIt system has been doing that since at least 2005, and
On Tue, 08 Feb 2011 15:47:12 +
Steve Freegard st...@stevefreegard.com wrote:
See http://www.fsl.com/index.php/resources/whitepapers/99
Once that has been proven then that 'hostid' is exempted from further
greylisting for 40 days since it was last seen.
:) Our CanIt system has been doing
Hi David,
On 08/02/11 15:57, David F. Skoll wrote:
Hi, Steve,
http://www.fsl.com/index.php/resources/whitepapers/99
Interesting. I think you should credit me for this:
Once that has been proven then that â is exempted from further
greylisting for 40 days since it was last seen.
Our CanIt
On Tue, 08 Feb 2011 17:04:37 +
Steve Freegard st...@stevefreegard.com wrote:
Sure - credit where it is due; I've you to the 'Thanks' section.
Thanks. And also, my apologies for posting to the list... that was supposed
to be a private message. :(
/me mutters something about email amateurs
On 1/19/11 2:10 AM, David F. Skoll wrote:
On Tue, 18 Jan 2011 23:37:07 +0100
Rolf E. Sonneveldr.e.sonnev...@sonnection.nl wrote:
I agree with you, looking at my own personal situation. However, many
mail admins (and maybe you too) are responsible for the e-mail
handling of many
I recently gave up on greylisting after using it for years as well.
Two reasons really, one was the complaints from users (and I found that
they often asked folks to send mail to me twice to try and get mail to
work better and that was just embarrassing).
The second was that I've found that the
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkie l...@dilkie.com wrote:
The second was that I've found that the other spam-catching filtering
is doing a much better job than it was years ago and turning off
greylisting didn't adversely affect the amount of spam that got
through.
That's possibly
On 1/19/2011 10:02 AM, David F. Skoll wrote:
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkie l...@dilkie.com wrote:
The second was that I've found that the other spam-catching filtering
is doing a much better job than it was years ago and turning off
greylisting didn't adversely affect the
On Wed, 19 Jan 2011, Lee Dilkie wrote:
Don't get me wrong, I liked GL but there are a number of big ISPs that
have quite long retry timeouts (for some reason, sympatico comes to
mind) and it got to be too annoying.
...and when you encounter a big ISP that does this, do you notify their
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for the greylisting / mail
server to try again.
I run greylisting on an email server with several thousand email
On 1/19/2011 9:25 AM, Matt wrote:
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for the greylisting / mail
server to try again.
I run greylisting on an email server
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for the greylisting / mail
server to try again.
I run greylisting on an email server with several thousand email
On 1/19/2011 8:06 AM, Lee Dilkie wrote:
On 1/19/2011 10:02 AM, David F. Skoll wrote:
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkiel...@dilkie.com wrote:
The second was that I've found that the other spam-catching filtering
is doing a much better job than it was years ago and turning off
On 1/18/11 4:58 PM, David F. Skoll wrote:
On Tue, 18 Jan 2011 16:55:42 +0100
Giles Coocheygi...@coochey.net wrote:
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for
On Tue, 18 Jan 2011 22:18:33 +0100
Rolf E. Sonneveld r.e.sonnev...@sonnection.nl wrote:
RFC821/RFC2821/RFC5321 points out that a client has to wait a minimum
of 30 minutes before a retry attempt should be made,
That's fine. I don't care if an email from someone I've never heard
from before is
Hi All
To answer David's post, extract from our scanning system for today.
*Jan 18 01:53:19 sendmail[8404]: p0I1rIDg008404:
from=debenhams5-boun...@shopdebenhams.com, size=43048, class=0,
nrcpts=1, msgid=debenh...@shopdebenhams.com, proto=ESMTP,
daemon=MTA,
On Tue, 18 Jan 2011 22:18:20 +
Gary Forrest ga...@netnorth.co.uk wrote:
Interesting 2 of our 3 scanning heads use a grey list system that
uses /32 addresses as part of the process, these two servers have
100's of emails delayed for well over a day. Our 3rd scanning head
uses a grey list
On 1/18/11 11:02 PM, David F. Skoll wrote:
On Tue, 18 Jan 2011 22:18:33 +0100
Rolf E. Sonneveldr.e.sonnev...@sonnection.nl wrote:
RFC821/RFC2821/RFC5321 points out that a client has to wait a minimum
of 30 minutes before a retry attempt should be made,
That's fine. I don't care if an email
On 01/18/2011 12:31 PM, David F. Skoll wrote:
On Tue, 18 Jan 2011 22:18:20 +
Gary Forrestga...@netnorth.co.uk wrote:
Interesting 2 of our 3 scanning heads use a grey list system that
uses /32 addresses as part of the process, these two servers have
100's of emails delayed for well over a
On Tue, 18 Jan 2011 23:37:07 +0100
Rolf E. Sonneveld r.e.sonnev...@sonnection.nl wrote:
I agree with you, looking at my own personal situation. However, many
mail admins (and maybe you too) are responsible for the e-mail
handling of many (tens/hundreds/thousands) of users. Most users have
On 12/27/2010 12:42 PM, David F. Skoll wrote:
On Mon, 27 Dec 2010 12:37:00 -0800
Ted Mittelstaedtt...@ipinc.net wrote:
greylisting, though, is by far the best. But I have noticed an
increasing number of sites out there - and this is large sites - who
apparently are honked-off that people
On Mon, 27 Dec 2010 13:36:39 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
[...]
We do not find virus-scanning before spam-scanning to be
effective. A tiny percentage of our mail is flagged as containing
a virus,
That's subject to interpretation I think. I would guess that your
On 12/27/10 4:07 PM, David F. Skoll d...@roaringpenguin.com wrote:
On Mon, 27 Dec 2010 13:36:39 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
The real question is, do you get viruses that would make it past SA?
I can't answer that because we scan for viruses before SA. I would
guess yes.
]
Sent: 23. november 2006 07:57
To: users@spamassassin.apache.org
Subject: Re: Greylisting
Philip Prindeville wrote:
Don't they? I thought the recommended retry time was 2 minutes,
doubling on each failure, and maxing out at 2 hours.
The traditional Sendmail would retry either every 15
[EMAIL PROTECTED] wrote:
Very interesting - and scary to be honest :(
Scary? Why?
I'm guessing most greylisting software out there also operates with a set
expire for each record? This being pretty high - obviously... 1-30 days or
what is reasonable.
I use the 'postgrey' package which is
algorithm MUST
be configurable.
Cheers,
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 23 November 2006 06:57
To: users@spamassassin.apache.org
Subject: Re: Greylisting
:)
- Nicolai
-Original Message-
From: John Andersen [mailto:[EMAIL PROTECTED]
Sent: 21. november 2006 01:12
To: users@spamassassin.apache.org
Subject: Re: Greylisting
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never
@spamassassin.apache.org
Subject: Re: Greylisting
On Tuesday 21 November 2006 06:02, [EMAIL PROTECTED] wrote:
I'm afraid you're right on this one.
Of course the spammers read this very list - and they have already
started to implement anti greylisting meassures...
It's just a matter of time before they see
Don't they? I thought the recommended retry time was 2 minutes,
doubling on each failure, and maxing out at 2 hours.
That's what sendmail does (unless it's retry time has been explicitly
set to more than 2 hours, of course).
-Philip
Richard Frovarp wrote:
I don't think the RFCs specify any
Philip Prindeville wrote:
Don't they? I thought the recommended retry time was 2 minutes,
doubling on each failure, and maxing out at 2 hours.
The traditional Sendmail would retry either every 15 or every 30
minutes. This would almost always be seen as the command line setting
as sendmail
Just to add to the pot I have started working for a company who was receiving
+30,000 emails a day and acknowledged they had a spam problem. I got the go
ahead to pilot Postfix, MailScanner, SpamAssassin + FuzzyOCR and PolicyD and
have now reduced that to ~ 40 emails per day being delivered.
Am 21.11.2006 um 01:12 schrieb John Andersen:
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never
seen it.
Remember that some unbelievable number of infected Windows
clients are
the main source of spam and it would just
On Nov 20, 2006, at 7:29 PM, Mike Jackson wrote:
FYI, I work for a large hosting provider, and I've seen customers
who have implemented greylisting, but spammers are getting smart
enough to work around it. I doubt that they're wasting resources on
queuing for redelivery, but they are
On Tue, November 21, 2006 00:23, Michele Neylon :: Blacknight wrote:
Dylan Bouterse wrote:
Do you have a compiled list of those IPs? And what method are you using
to whitelist? Email offlist if more appropriate. Thanks!
We whitelist the main Irish ISPs, so our list wouldn't be of much use to
John Andersen wrote:
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never seen it.
Remember that some unbelievable number of infected Windows clients are
the main source of spam and it would just be too much trouble for the
-Original Message-
From: Vahric MUHTARYAN [mailto:[EMAIL PROTECTED]
Hello Everybody,
I'm using SA for a long time without any problem, nowadays spammers
are using too much graphical objects and they are tring to change it day by
day. I'm tring to use fuzzyocr but it's
John Andersen wrote:
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never seen it.
Remember that some unbelievable number of infected Windows clients are
the main source of spam and it would just be too much trouble for the
Vahric MUHTARYAN [EMAIL PROTECTED] wrote on 11/20/2006 04:33:23 PM:
Hello Everybody,
I'm using SA for a long time without any problem, nowadays
spammers are using too much graphical objects and they are tring to
change it day by day. I'm tring to use fuzzyocr but it's taking too
Vahric MUHTARYAN wrote:
Hello,
Do you come across with any problem from your clients for mails are not
arriving at right time ? Because I afraid of people mta's all of them
are configured with different retry times .
We whitelist the main ISPs SMTPs to avoid this issue
--
Mr Michele
To: users@spamassassin.apache.org
Subject: RE: Greylisting
Hmmm, customers not willing to wait 5-10 mins for a email ?
Would prefer to receive more SPAM instead, especially for a
protocol that does not guarantee delivery ;) Urgent Items =
Use the phone or fax
On Tue, 21 Nov 2006 16:02:34
On Tue, 21 Nov 2006, Vahric MUHTARYAN wrote:
Do you come across with any problem from your clients for mails are not
arriving at right time ? Because I afraid of people mta's all of them are
configured with different retry times .
Whitelist your clients' known MTA IP addresses.
: RE: Greylisting
-Original Message-
From: Vahric MUHTARYAN [mailto:[EMAIL PROTECTED]
Hello Everybody,
I'm using SA for a long time without any problem, nowadays spammers are
using too much graphical objects and they are tring to change it day by day.
I'm tring
On 20-nov-2006, at 23:33, Vahric MUHTARYAN wrote:
Hello Everybody,
I'm using SA for a long time without any problem, nowadays
spammers are using too much graphical objects and they are tring to
change it day by day. I'm tring to use fuzzyocr but it's taking too
much cpu. I think
Benny Pedersen wrote:
On Tue, November 21, 2006 00:23, Michele Neylon :: Blacknight wrote:
Dylan Bouterse wrote:
Do you have a compiled list of those IPs? And what method are you using
to whitelist? Email offlist if more appropriate. Thanks!
We whitelist the main Irish ISPs, so our list
On Tue, 21 Nov 2006, Vahric MUHTARYAN wrote:
I'm using SA for a long time without any problem, nowadays
spammers are using too much graphical objects and they are tring
to change it day by day. I'm tring to use fuzzyocr but it's taking
Same Problem here ...
too much cpu. I
@spamassassin.apache.org
Sent: Tuesday, November 21, 2006 12:49 AM
Subject: Re: Greylisting
Vahric MUHTARYAN wrote:
Hello Everybody, I'm using SA for a long time without any problem,
nowadays spammers are using too much graphical objects and they are tring
to change it day by day. I'm tring
On Monday 20 November 2006 21:06, Duncan Hill wrote:
Greylisting has been used now for over 2 years. I haven't seen any
spammer adapt their botnets to handle it in that time frame.
But its used on .0002% of MTAs. Not worth anybody's effort
until it goes mainstream, or gets talked up here on
On Monday 20 November 2006 19:06, Rick Macdougall wrote:
John Andersen wrote:
... the spammers are not actually
storing the email addresses on the infected machines, they just send an
email to go out).
I'm not saying they won't do it, I'm saying they aren't doing it currently.
Actually they
On Tuesday 21 November 2006 06:02, [EMAIL PROTECTED] wrote:
I'm afraid you're right on this one.
Of course the spammers read this very list - and they have already started
to implement anti greylisting meassures...
It's just a matter of time before they see too little success rate when
they
John Andersen wrote:
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never seen it.
Remember that some unbelievable number of infected Windows clients are
the main source of spam and it would just be too much trouble for the
At 22:06 20-11-2006, Duncan Hill wrote:
Greylisting has been used now for over 2 years. I haven't seen any
spammer adapt their botnets to handle it in that time frame. Some
have moved to using ISP relays or other
unsecured 'real' MTAs, but the majority live for the one-shot
attempt. I do
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never seen it.
Remember that some unbelievable number of infected Windows clients are
the main source of spam and it would just be too much trouble for the
spammer to try every
From: Rick Macdougall [EMAIL PROTECTED]
John Andersen wrote:
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never seen it.
Remember that some unbelievable number of infected Windows clients are
the main source of spam and it
.
Personally I get about 40 fewer spam messages a DAY because of greylisting
and I am not willing to give it up just yet.
Joey
-Original Message-
From: John Andersen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 21, 2006 11:10 PM
To: users@spamassassin.apache.org
Subject: Re: Greylisting
Casper wrote:
How do i make spamassassin scan messages that greylisting are
whitelisting, i want to scan all messages.
Oct 18 16:35:37 smtp1 milter-greylist: k9IEZat8018309: addr
209.237.227.199 from [EMAIL PROTECTED] rcpt [EMAIL PROTECTED]:
autowhitelisted for more 48:00:00
I want to scan
Matt wrote:
Steven,
I run qmail in my environment but have used sendmail in the past...
can sendmail happily handle 500,000 messages a day? Say if I were to
JUST pass them through and send them on to my qmail server?
On Wed, 02 Mar 2005 07:34:46 -0600, Steven Stern
[EMAIL PROTECTED] wrote:
Matt
From: Steven Stern [EMAIL PROTECTED]
Please keep replies on the list.
In my former job, we ran 50,000 messages/day through sendmail on a sparc
20. It chugged a little, but it handled it. I think a decent Xeon box
with a decent amount of memory could easily handle 50,000 messages plus
jdow wrote:
From: Steven Stern [EMAIL PROTECTED]
Please keep replies on the list.
In my former job, we ran 50,000 messages/day through sendmail on a sparc
20. It chugged a little, but it handled it. I think a decent Xeon box
with a decent amount of memory could easily handle 50,000 messages plus
HI
check postfix greylisting
Philipp
-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Sent: Mittwoch, 2. März 2005 14:20
To: [EMAIL PROTECTED]
Subject: Greylisting
Hi,
Is there any kind of plugin or patch for spamassassin that
will allow me to selectively turn on
Matt [EMAIL PROTECTED] wrote on 03/02/2005
07:19:42 AM:
Hi,
Is there any kind of plugin or patch for spamassassin that will allow
me to selectively turn on GREYLISTing for certain user accounts?
Yep, like Steven said, greylisting has to kick in
at the MTA level before SA even gets invoked.
On Wed, 2 Mar 2005, Matt wrote:
Hi,
Is there any kind of plugin or patch for spamassassin that will allow
me to selectively turn on GREYLISTing for certain user accounts?
When I say greylist I mean: All e-mail coming into them is bounced
with a temporary error the first time, and then
If you use exim, check out:
http://marc.merlins.org/linux/exim/sa.html
It allows SA scanning at the MTA level and includes a GreyListing
pluging for SA3. You should be able to configure exim to only allow it for
certain recipient addreses but you'd have to do that research
86 matches
Mail list logo
