[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: public blacklists



On Wed, 2004-12-08 at 12:35, Hongwei Li wrote:
> >
> I do have spamassassin installed, but I'd like to block most spams before
> processing them.
> Could you please explain milter-greylist little more? Any document or link
> is greately appreciated!
> 
> Hongwei

Greylisting is pretty simple.  When your MTA is contacted there is an
exchange of information up front that includes the senders email address
and the recipients email address.  You also have the IP address of the
server contacting you.  These three elements form a tuple that is stored
in a database of some kind.  If this is the first time that tuple has
been seen your MTA issues a temporary failure code per the RFC (451 I
think).  That tells the remote MTA to retry again later.  The initial
connection is then dropped.

The tuple is put in the database with a time stamp.  The next time the
remote MTA contacts you to send that same message you check the database
and if the time out period has expired (this can normally be set by the
administrator, by default I think they use 30 minutes but I have found a
few minutes to be just as good) that entry is auto whitelisted and the
message is accepted.  Any additional messages from that same system with
the same to and from will not be delayed for however long the tuple is
kept in the database.  Again this is a settable parameter can be set for
several days if you like.

You can also autowhitelist known associates or systems so no delays will
be incurred by known good MTAs.  

Most spam comes from zombie systems.  These systems do not retry a
message if there is a failure, they just move on to the next victim
since numbers are the game that they play.

I saw a reduction in spam from 3000-6000 a day to 5-10 a day on the
system at work.

Major savings in time and effort.

There are several different implementations of greylisting for all the
major MTAs.  I liked milter-greylist since it did not require a mysql
database like one of the others I looked at.  It was easy to implement
has has worked very well.  Way beyond what I expected.

-- 
Scot L. Harris
webid cfl rr com

It isn't easy being a Friday kind of person in a Monday kind of world. 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]