Kai Schaetzl wrote:
> Matt Kettler wrote on Mon, 12 Dec 2005 20:17:04 -0500:
>
>> Using greylisting you'd delay their mail, but they'd be able to deliver even
>> if they still are in the RBL if they retry after the greylist timer expires.
>
> That makes only sense if you greylist *only* hosts on these lists. This looks
> rather elegant, but you completely lose the real effectiveness of
> greylisting.
> Greylisting works perfectly against all those zombies (and the few spam
> blasters) which are *not* on these lists. Using it only together with RBLs
> makes greylisting very ineffective in my eyes.
>
> Kai

Kai, I beg to differ. Most zombies ARE in the DULs and/or XBL. If you greylist on DULs and XBL you'll get most of the zombies.

This is because about 90% of the zombies out there are home-user high-speed Internet machines that are trojan infected. DULs will pretty much list all of these right off the bat, and XBL will pick up the rest quickly because that's what it is intended to list.

Due to FPs, I can't afford to blacklist all DUL nodes, but I could greylist them. I do this now with RDNS name regexes and IP ranges in milter-greylist ACLs to great success (50% of my spam went away, with only about 100 nonspam messages delayed per week).

Unfortunately hand-maintaining my own ACLs is a lot tougher than querying NJABL's DUL list. I also can't by hand mimic the ability of spamcop or XBL to rapidly pick up spewing business servers.
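
A sketch of the policy discussed in this thread, added as an example and not code from either poster or from milter-greylist: only hosts that are DNSBL-listed or have a dynamic-looking rDNS name are greylisted, and they are accepted once they retry after the timer expires. The zone name, the regex, the 300-second delay and the injected resolver are assumptions, and the sample addresses are constructed.

```python
import ipaddress
import re

GREYLIST_DELAY = 300  # assumed timer in seconds, not a value from the thread
DYNAMIC_RDNS = re.compile(r"(dsl|dhcp|dial|cable|pool|dyn)", re.I)  # hypothetical pattern


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class SelectiveGreylist:
    def __init__(self, zones, resolver, delay=GREYLIST_DELAY):
        self.zones = zones        # DNSBL zones used only as a greylist trigger
        self.resolver = resolver  # callable(name) -> True if the name is listed
        self.delay = delay
        self.first_seen = {}      # (ip, sender, rcpt) -> time of first attempt

    def is_suspect(self, ip, rdns):
        if rdns and DYNAMIC_RDNS.search(rdns):
            return True
        return any(self.resolver(dnsbl_query_name(ip, z)) for z in self.zones)

    def check(self, ip, rdns, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one delivery attempt at time `now`."""
        if not self.is_suspect(ip, rdns):
            return "accept"       # unlisted hosts are never delayed
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - first >= self.delay:
            return "accept"       # retried after the greylist timer expired
        return "tempfail"         # SMTP 4xx: a queueing MTA will retry later


# Constructed data: 192.0.2.10 is "listed" in a placeholder zone.
LISTED = {dnsbl_query_name("192.0.2.10", "dul.example.invalid")}


def demo():
    g = SelectiveGreylist(["dul.example.invalid"], lambda name: name in LISTED)
    t = ("a@example.org", "b@example.net")
    return [
        g.check("198.51.100.5", "mail.example.org", *t, now=0),  # unlisted host
        g.check("192.0.2.10", "mx.example.com", *t, now=0),      # listed, first try
        g.check("192.0.2.10", "mx.example.com", *t, now=60),     # retried too soon
        g.check("192.0.2.10", "mx.example.com", *t, now=400),    # after the timer
    ]
```

In production the resolver would be a real DNS A-record lookup against the chosen lists, and the `first_seen` table would need expiry so it does not grow without bound.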