Well it's been 19 hours now and greylisting has only let three spams pass in - of which Spam Assassin (the open relay rbl) dropped two - leaving one for me to delete by hand. Not bad :-) Much better than the 20 to 40 that I normally have to delete.
The mail server successfully passed/delivered 969 emails since midnight and rejected 4157 emails (via greylisting). A random sampling of the rejects that didn't retry (about 25) shows only bad guys, and no good guys. The greylist database is currently 392K, and if all things remain equal then it should grow at about 1Mb every 3 days, and reach 120Mb in about a year... >From past experience I think the functional upper limit for the database used by my greylist perl app should be about 24Mb. Once the database gets up to that level, the app will start to slow down. and eat more cycles. That means that if I setup a cron-job to wipe the database on the first Saturday of every month, I'll be in good shape. I would like to maintain the list of good folks, so I might write a small app to pass through the database (or log files) and pull out the good ones and whitelist them... or I could modify the greylist app to automatically move those folks over to a second list when they reach a certain level of passed mails - a whitelist database, which I will keep persistent. Jon On Mon, 2007-01-29 at 18:05, Cristóbal Palmer wrote: > I'll second that. > > SA is awesome--with tweaking. Even so, if you have a published address > that gets a lot of mail and is an initial point of contact, eg. > [EMAIL PROTECTED], you're still going to get a significant amount of > spam unless you're willing to live with false positives and/or spend a > lot of time tweaking. I'm itching to try greylisting, too. > > Thanks, > CMP > > On 1/29/07, Magnus <[EMAIL PROTECTED]> wrote: > > David McDowell wrote: > > > In this thread we've seen some metrics and performance opinions on > > > greylisting... what about the latest spamassassin working with > > > sa-update? > > > > > > I've actually not been too impressed. Lots of spam gets through, and I > > do maintain a corpus of manually sorted ham and spam that is updated > > every 24 hours. > > > > I tend to err on the side of caution with my UCE controls, though, > > because I've found repeatedly if I get much more aggressive I get false > > positives. Unacceptable. > > > > I'm between OpenBSD boxes right now (the new firewall isn't quite to my > > liking yet) so I'm not getting as much pre-SA filtering as I would like. > > > > -- > > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > > TriLUG Organizational FAQ : http://trilug.org/faq/ > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > > > -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
