On a very off topic note, why are we still both up?

John T
eServices For You

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> Sent: Saturday, October 15, 2005 1:01 AM
> To: sniffer@SortMonster.com
> Subject: RE: [sniffer] Large amounts of spam still getting through
>
> John,
>
> This may be slightly OT. Hope Pete doesn't mind. :-)
>
> The default in greylisting that comes with Postfix is 300 seconds, although you can change that value to whatever you want. The first reason that greylisting was implemented was because almost no spamware ever tried resending messages at the time the idea was originally brought about. Now, I would say that about 85% of spamware and zombies never retry. It is the BIG spamhauses that always retry, and Sniffer is an excellent companion for catching those. It is currently best suited for stopping zombie spamware, and the majority of small spammers that never retry sending messages.
>
> As far as the delay timing goes, that is really up to each individual admin and should be fine tuned depending upon what kind of traffic patterns you are dealing with. I could certainly see the need for some admins to crank the delay up to 15-20 minutes, while I have other hosting customers that are whitelisted entirely (you can whitelist individual domains or just users using greylisting). The best use may be to whitelist some user addresses, and leave others with significant delays. I always believe that users should use a "personal" e-mail address, and another one that is strictly for mailing lists, online ordering, and stuff like that.
>
> There is a lot of tweaking that can be done with greylisting, but it is only one part of the overall antispam picture. One of its biggest advantages is the bandwidth and CPU processing it can save you, as it rejects a substantial amount of spam with very little bandwidth consumption. There are also technically no "false positives", as all mail (even spam) will eventually be passed through. Obviously, it only works best for SOME spam though, and other things like Sniffer solve different parts of the puzzle. Between the different methods I am using, which don't even include Bayesian at the moment, I am seeing far better than a 99% success (rejecting or deleting spam) rate, with very few false positives.
>
> William Van Hefner
> Network Administrator
>
> Vantek Communications, Inc.
> 555 H Street, Ste. C
> Eureka, CA 95501
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > Sent: Saturday, October 15, 2005 12:41 AM
> > To: sniffer@SortMonster.com
> > Subject: RE: [sniffer] Large amounts of spam still getting through
> >
> > 5 minutes would hardly be noticed. Discussions I was having with others involved delays of an hour or two.
> >
> > I do not see how "greylisting" a message for 5 minutes would help except when fighting harvesting or dictionary type spam attacks.
> >
> > John T
> > eServices For You
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Van Hefner
> > > Sent: Saturday, October 15, 2005 12:22 AM
> > > To: sniffer@SortMonster.com
> > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > >
> > > John,
> > >
> > > I have no clue what the "legal implications" would be, as long as both my customers know that I'm using it and the sender is notified appropriately via SMTP. I use greylisting via IMGate/Postfix and it works like a charm. It takes a good couple of weeks to build up a decent whitelist (both manual whitelisting and automated whitelisting are recommended), but after that it is pretty much smooth sailing. I've yet to have a single complaint from my users over greylisting, other than the fact that it delayed their e-mails by around 5 minutes for the first couple of weeks. If I had planned it better, even those delays would largely not have occurred.
> > >
> > > I know of no way to implement greylisting on a Windows box. See greylisting.org for more info.
> > >
> > > William Van Hefner
> > > Network Administrator
> > >
> > > Vantek Communications, Inc.
> > > 555 H Street, Ste. C
> > > Eureka, CA 95501
> > > 707.476.0833 ph
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
> > > > Sent: Friday, October 14, 2005 12:55 PM
> > > > To: sniffer@SortMonster.com
> > > > Subject: RE: [sniffer] Large amounts of spam still getting through
> > > >
> > > > There has been a good amount of discussion about temporarily "grey listing" an e-mail message and there are many questions surrounding it, one of which is legal.
> > > >
> > > > John T
> > > > eServices For You
> > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Nice
> > > > > Sent: Friday, October 14, 2005 12:43 PM
> > > > > To: sniffer@SortMonster.com
> > > > > Subject: Re: [sniffer] Large amounts of spam still getting through
> > > > >
> > > > > > getting much better at what they do. When a spammer uses Geocities links, hijacks real accounts on major providers to send spam through, and changes their techniques every few hours, it makes it difficult for Sniffer to proactively block them, and the delay between rulebase updates means a delay in catching things that have been tagged.
> > > > >
> > > > > This brings to mind a technique with optional adaptive delay - enabled by the user. Each mail is assigned a 'triplicate': (To_Email, From_Email, and domain_of_sending_server). Previously unknown triplicates are held for a period of time before being examined for spam. The delay is long enough that SpamCop, Sniffer, and InvURIBL mailtraps see copies of the spam and update the blacklists.
> > > > >
> > > > > This would be hard to do with the stock IMail, but possibly could be done by Declude with the V3 architecture and a database.
> > > > >
> > > > > It still doesn't provide a good answer to the problem of spammers hijacking a computer and sending spam through legitimate servers.
> > > > >
> > > > > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
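
Added example, not part of the thread and not code from Postfix, IMGate or Sniffer: a small model of the greylisting decision discussed above, keyed on the (To, From, sending-server domain) triple, with the 300-second default, a manual whitelist and automatic whitelisting after a successful retry. The class and function names and the sample traffic are constructed for illustration.

```python
"""Greylisting decision model (added illustration; all names are hypothetical)."""

DEFAULT_DELAY = 300  # seconds: the Postfix greylisting default cited in the thread


class Greylister:
    def __init__(self, delay=DEFAULT_DELAY, whitelist_domains=(), per_user_delay=None):
        self.delay = delay
        self.whitelist_domains = {d.lower() for d in whitelist_domains}  # manual whitelist
        self.per_user_delay = per_user_delay or {}  # recipient -> seconds, 0 = exempt
        self.first_seen = {}  # triplet -> time of its first delivery attempt
        self.passed = set()   # triplets that retried after the delay (auto-whitelist)

    def decide(self, now, server_domain, sender, recipient):
        """Return 'ACCEPT' or 'DEFER' (a temporary 4xx reply, so a real MTA retries)."""
        recipient = recipient.lower()
        triplet = (recipient, sender.lower(), server_domain.lower())
        delay = self.per_user_delay.get(recipient, self.delay)
        if delay == 0 or recipient.rsplit("@", 1)[-1] in self.whitelist_domains:
            return "ACCEPT"
        if triplet in self.passed:
            return "ACCEPT"
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= delay:
            self.passed.add(triplet)  # later mail for this triplet is not delayed
            return "ACCEPT"
        return "DEFER"


def replay(greylister, attempts):
    """Feed (time, server_domain, sender, recipient) attempts; return the verdicts."""
    return [greylister.decide(*attempt) for attempt in attempts]


# Constructed sample traffic; every host and address here is made up.
SAMPLE = [
    (0,   "mta.example.org", "alice@example.org", "bob@customer.test"),   # first contact
    (5,   "zombie.example.net", "x9@spam.example", "bob@customer.test"),  # never retries
    (120, "mta.example.org", "alice@example.org", "bob@customer.test"),   # retry too early
    (600, "mta.example.org", "alice@example.org", "bob@customer.test"),   # retry after delay
    (700, "mta.example.org", "alice@example.org", "bob@customer.test"),   # auto-whitelisted
    (710, "mta.example.org", "carol@example.org", "sales@hosted.test"),   # whitelisted domain
]


if __name__ == "__main__":
    gl = Greylister(whitelist_domains=["hosted.test"])
    for attempt, verdict in zip(SAMPLE, replay(gl, SAMPLE)):
        print(attempt[0], attempt[1], "->", verdict)
```

The sender that never retries is deferred once and never delivered, while the retrying server waits out the delay a single time and is accepted immediately afterwards.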