Here's an argument for you: http://www.nebrwesleyan.edu/people/stpierre/filtered.png
This is the breakdown of mail filtered by one of our MXes over the past week. The "RBL" line shows mail rejected by an RBL, mostly by njabl; the "Rejected" line is line rejected by other MTA-level rules (like requiring an FQDN for the HELO); the "Spam" line shows mail that was accepted, marked as spam by SA, and delivered; and the "Greylisted" line shows mail that was delayed by Postgrey and not retried (i.e., successfully blocked). As you can see, about 30% of the mail we filter (and about 25% of our total mail) is rejected by greylisting. Each of our MTAs processes about 400K messages per week. We greylist after all other MTA restrictions, so that boils down to over 100K messages that SA would have to scan if we weren't using greylisting. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Tue, 21 Nov 2006, [EMAIL PROTECTED] wrote: >I'm afraid you're right on this one. > >Of course the spammers read this very list - and they have already started >to implement "anti greylisting" meassures... > >It's just a matter of time before they see too little success rate when they >read the bot stats and start to circumvent greylisting too :( > >I have yet to try greylisting on a real production system. I am concerned >about the 5-15 mins. delay because we have some sensitive customers that are >already on their toes. But with the right set of arguments I'm sure I can >convince even the "worst" customer that greylisting is a good thing... >still. > >I wonder how many years it will take before some organization steps up and >lead the way to new SMTP standards. My company has gone from 1 to 4 mail >server over the past 6 months. I reckon it's about time protocols adapt to >the world today :) > > - Nicolai > > >-----Original Message----- >From: John Andersen [mailto:[EMAIL PROTECTED] >Sent: 21. november 2006 01:12 >To: users@spamassassin.apache.org >Subject: Re: Greylisting > > >On Monday 20 November 2006 15:08, Rick Macdougall wrote: >> It's possible that they could send it all twice but I've never seen >> it. >> Remember that some unbelievable number of infected Windows clients are >> the main source of spam and it would just be too much trouble for the >> spammer to try every address twice after a 15 minute interval. > >Oh come on! It costs the spammer NOTHING to make that adjustment to his bot >net. Its someone else's bandwidth, and someone else's cpu cycles. > >They are reading this list and planning the changes already. > >-- >_____________________________________ >John Andersen > >
