Kai Schaetzl wrote:
> Matt Kettler wrote on Mon, 12 Dec 2005 20:17:04 -0500:
> 
> 
>>Using greylisting you'd delay their mail, but they'd be able to deliver even
>>if they still are in the RBL if they retry after the greylist timer expires.
> 
> 
> That makes only sense if you greylist *only* hosts on these lists. This looks
> rather elegant, but you completely lose the real effectiveness of
> greylisting.
> Greylisting works perfectly against all those zombies (and the few spam
> blasters) which are *not* on these lists. Using it only together with RBLs
> makes greylisting very ineffective in my eyes.
> 
> Kai
> 

Kai, I beg to differ.

Most zombies ARE in the DULs and/or XBL. If you greylist on DULs and XBL you'll
get most of the zombies. This is because about 90% of the zombies out there are
home-user high-speed Internet machines that are trojan infected. DULs will
pretty much list all of these right off the bat, and XBL will pick up the rest
quickly because that's what it is intended to list.

Due to FPs, I can't afford to blacklist all DUL nodes, but I could greylist
them. I do this now with RDNS name regexes and IP ranges in milter-greylist ACLs
to great success (50% of my spam went away, with only about 100 nonspam messages
delayed per week).

Unfortunately hand-maintaining my own ACLs is a lot tougher than querying
NJABL's DUL list.

I also can't by hand mimic the ability of spamcop or XBL to rapidly pick up
spewing business servers.
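
The policy discussed in the message above (greylist only clients that are DNSBL-listed or that match dynamic rDNS/IP ACLs, and accept everyone else immediately), sketched as an added example; it is not code from the thread or from milter-greylist. The listed IP, rDNS regex, IP range and 300-second timer are constructed assumptions, and the DNSBL query is replaced by a local set so the block runs offline.

```python
import ipaddress
import re

# Constructed sample data (assumptions, not real listings or the poster's ACLs).
DNSBL_LISTED = {"203.0.113.25"}             # stands in for a DUL/XBL lookup result
DYNAMIC_RDNS = re.compile(r"(dsl|cable|dyn|dhcp|pool)[-.\d]", re.I)
DYNAMIC_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
GREYLIST_DELAY = 300                        # seconds before a retry is accepted


class SelectiveGreylist:
    """Greylist only suspect clients; everyone else is accepted at once."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}                # (ip, sender, rcpt) -> first attempt time

    def is_suspect(self, ip, rdns):
        """True when the client is DNSBL-listed or matches a dynamic-host ACL."""
        addr = ipaddress.ip_address(ip)
        return (ip in DNSBL_LISTED
                or any(addr in net for net in DYNAMIC_RANGES)
                or bool(rdns and DYNAMIC_RDNS.search(rdns)))

    def check(self, ip, rdns, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one SMTP RCPT attempt."""
        if not self.is_suspect(ip, rdns):
            return "accept"                 # unlisted hosts are never delayed
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            return "accept"                 # retried after the timer: deliver
        return "tempfail"                   # 4xx reply; a real MTA retries later


if __name__ == "__main__":
    g = SelectiveGreylist()
    attempts = [                            # constructed (ip, rdns, time) samples
        ("192.0.2.10", "mail.example.com", 0),
        ("203.0.113.25", "mx.example.com", 0),
        ("203.0.113.25", "mx.example.com", 400),
        ("192.0.2.77", "dsl-192-0-2-77.example.net", 0),
    ]
    for ip, rdns, t in attempts:
        print(t, ip, rdns, g.check(ip, rdns, "a@example.org", "b@example.net", t))
```

A listed host that retries after the timer still gets through, which is the trade-off both posters are arguing about: the delay filters clients that never retry, not clients that do.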
