[geeks] Greylisting?

Michael Parson mparson at bl.org
Tue Nov 22 11:59:46 CST 2005 

On Tue, Nov 22, 2005 at 05:29:42PM +0000, Mike Meredith wrote:
> On Tue, 22 Nov 2005 09:48:16 -0600, Michael Parson wrote:
>> Does this abuse other people's mail servers?
>
> Yes. Does the level of abuse matter when it's just one personal domain
> with a low volume of mail ? No. Does it matter if greylisting becomes
> widespread on personal low volume mail domain ? Probably not that
> much.  Does it matter if it becomes a widespread practice amongst mail
> server administrators ? Yes it certainly would.

I know it's being used by large and small organizations alike.

A small set that greylisting.org has kept track of:

http://www.greylisting.org/users.shtml

Including one of the largest universities in the US.

> Mail servers are at their most efficient when they can hand off
> mail to the destination server immediately. Waiting for the next
> queue run is far less efficient and can cause problems if you have
> a significantly increased proportion of mail destinations using
> greylisting. Just ask on a mailing list with large mail server
> administrators on whether greylisting is responsible behaviour (but
> don't because it causes a flame war).

Mail servers are at their most efficient when they only handle
legitimate mail.  The whitelisting feature of the greylist minimizes the
amount of mail that is kept for the next queue run.  For example, by a
large margin, I get the highest volume of email from sunhelp.org due to
the lists I'm on that hare hosted there, a list would have to be idle
for more than 10 days before my mail server would 451-greylist it.

> As the administrator of a mail server you should be minimising the
> negative impact on the Internet of your service. Greylisting increases
> it.

The old "be conservative with what you send, liberal with what you
accept" policy.  Mail admins still have to draw the line somewhere.
First we turned off open-relays and there were some people complaining
about that too.  Now the line has moved up a bit.  There is some pain
that is going to be had on all sides of this, I think responsible mail
admins need to do what they can do combat this problem and try and be
flexible when the spammers change the game.

> I'm not totally against greylisting (as detailed previously) but
> restricting it to dubious connecting hosts seems to be a better choice
> than doing it to everyone.
>
> And on my own medium volume (100k messages a day) server I'm blocking
> 98% of spam without greylisting.

Sure, there are other methods of blocking spam.  I know a couple of
people using pf to just not accept TCP connections on port 25 from boxes
with win32 signatures.  I might add that to my regimen in the future.

For now, I think asking legitimate mailers to knock twice before I
accept is a small burden.  If enough mail servers out there picked up
the practice, the spammers and virus writers will move on to another
delivery method.  Right now, I'm not paying for those bits to cross my
wire and run up my bandwidth bill.

I'm not interested in filtering spam.  SA and procmail did a great job
of that.  I don't want it on my system at all.  I want it blocked,
period.

-- 
Michael Parson
mparson at bl.org

More information about the geeks mailing list