Results 1 to 16 of 16
  1. #1

    Greylisting/SMTP banner delay

    Recently started greylisting/SMTP banner delay in addition to spamassasin and I must say my spam has dropped 10 fold, from many 1000's of spam a day to less than a 1000.

    I was wondering if anyone else has been using greylisting/banner delay and if there are any adverse effects of using it, i.e. losing mail from some none RFC compliant SMTP hosts or hosts who have set there retry queues to very low numbmers possibly too low for standard greylisting?

    I'm just wondering with such good results if I am throwing away genuine emails as there is always normally a catch! ;p

  2. #2
    Join Date
    Aug 2005
    Location
    Canada
    Posts
    838
    My previous host was using it, and fellow users were complaining about loosing mail notification from some services/registration-forms/etc.

    I turned it off, after a while (although I didn't see any problem).

  3. #3
    Join Date
    Oct 2003
    Location
    Chattanooga
    Posts
    8,985
    Pillhead,

    I've found that with almost every method of filtering some legitimate mail is going to be lost. It's inevitable when your friends are forwarding their weekly viagra deals to you but it's something we learn to live with!

    Overall I've found the best solution is end-client filtering: Saves on cpu and gives clients exactly what they want -- control.

    (Someone will almost always whine about receiving too much spam but you can't please everyone )
    David
    Web hosting by Fused For businesses with more important things to do than worry about their hosting.

  4. #4
    Quote Originally Posted by extras
    My previous host was using it, and fellow users were complaining about loosing mail notification from some services/registration-forms/etc.

    I turned it off, after a while (although I didn't see any problem).

    Ahh yeah, I heard that yahoo newsgroups dont try again as per standard SMTP rules, though most forum software uses the local smtp mailer which would be something like sendmail/postfix/qmail so technically should adhere to the rules of those mailers and not lose any mail.

    I think for my situation the benefits outweigh losing notifications/etc, cheers for the info though

  5. #5
    Quote Originally Posted by David
    Pillhead,
    Overall I've found the best solution is end-client filtering: Saves on cpu and gives clients exactly what they want -- control.
    Greylisting saves you a tonne of cpu time due the fact the spam doesnt reach the spam filter

  6. #6
    Join Date
    May 2006
    Posts
    307
    Quote Originally Posted by David
    Overall I've found the best solution is end-client filtering: Saves on cpu and gives clients exactly what they want -- control.

    (Someone will almost always whine about receiving too much spam but you can't please everyone )
    even though, spam will take a lot of system resources, and I have seen many customers dont know how to manage spam at their end :| I prefer a filter system from server side, even it might make some emails lost, but as you said, you can't please everyone
    Traditional music traveling

  7. #7
    I'm just going on the principle that as long as no important HAM is getting lost I'm happy, I couldnt really care if someone loses stuff like subscription list notifications from yahoo.

    I guess that most important mails will be coming from normal end users who will use an average joe bloggs ISP that is probalby an RFC complient SMTP mailer, its only mass mailers that dont want to confirm to this standard, oh and some old version of lotus notes apparently (well you need beating with a stick if your using lotus notes so probalby good thing the mail didnt get delivered ;p).

    As long as noone knows of any big ISP that runs there SMTP mailers in this way, I'm failry happpy I think

  8. #8
    Join Date
    Oct 2002
    Posts
    5,177
    Good experiences here with greylisting. Using a product called XWall to handle the greylisting, and so far it seems to have cut back on the "fire and forget" spammers. It ranks up there with Bayesian filtering on my list. Provided that users help "teach" the Bayesian filter, of course
    If you have to operate your company behind the scenes or under a fake name, maybe it's time to leave the industry and start something fresh.

  9. #9
    Join Date
    Jun 2004
    Location
    Tampa Florida
    Posts
    428
    We Greylist. It has been VERY effective. Probably the biggest single thing we have done to reduce spam.
    I haven't noticed any issues with Yahoo groups.. I have has some trouble with a few cellular providers who have built there own mail systems that will not resend..
    Rock solid hosting and dedicated servers since 1998!
    StabilityHosting Where stability and uptime are king!

  10. #10
    I think you can effectively filter without greylisting *shrug*. I've never been a real big fan of it considering if you run a large mail complex and all the servers your complex has to send mail to greylist thats a ton more sockets open at once which means you have to buy more hardware, etc.

  11. #11
    Join Date
    Mar 2003
    Location
    Saint Paul, MN
    Posts
    826
    Not a fan of greylisting at all. It's only effective against a moderate percentage of spam, generally the easiest-to-identify kind, it doesn't help much at all if you've got more than one MX, it does block a fair bit of legitimate mail, and it delays the delivery of legitimate mail, sometimes by as much as half an hour or longer (and is more dependant on the settings of the sending server than those of the receiving).
    redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
    Because Simple Things Should Be Simple - YouCANHasDNS

  12. #12
    Join Date
    Jun 2004
    Location
    Tampa Florida
    Posts
    428
    If you have your greylisting set up to whitelist a netblock after it is successfully sent one mail through the greylist filter then you only delay that 1 email. Usualy done with /24 netblocks, this generaly resolves most of the mail delay and blocking of legitimate mail issues.
    Rock solid hosting and dedicated servers since 1998!
    StabilityHosting Where stability and uptime are king!

  13. #13
    Join Date
    Mar 2003
    Location
    Saint Paul, MN
    Posts
    826
    True, but whitelisting /24s seems (to me) to be defeating the somewhat useless point of greylisting, namely forcing sending hosts to "prove" they're somewhat functional mailservers, and not just scripts or bots. If I accept email from the mailserver for (a ficticious, I think) Nishnabotna Technical College, it doesn't mean I want to accept mail from three classrooms full of infrequently-updated Win2K workstations...

    If you're going to whitelist, which I'm not convinced is of any real use, it should, IMO, be done on a per-server (read: IP) basis. Otherwise, it's a bit like giving your friend a key to your house so he can feed your cats when you're on vacation - and giving a key to everyone who lives on his block, as well.
    redpin.com - offering amazingly competent email, dns, and web hosting since 2002... because someone has to!
    Because Simple Things Should Be Simple - YouCANHasDNS

  14. #14
    Join Date
    Jun 2004
    Location
    Tampa Florida
    Posts
    428
    I think, Like everything when dealing with spam, there is a grey area. We whitelist /24s. We due it to prevent some of the issues listed above. We expire the whitelist after 24 hours. It seams to have the effect we were looking for. We have been doing it for a long while now. It took some tweeking to get it just where we were comfortable. But I havent gotten any customer complaints about it in many months and it has cut the volume of mail by 60%. and spamassassin is no longer the highest cpu user on our mail servers.

    t might not be right for everyone. and like all other solutions, it needs to be thought out. But we love it and it has worked to our expectations.
    Rock solid hosting and dedicated servers since 1998!
    StabilityHosting Where stability and uptime are king!

  15. #15
    Quote Originally Posted by Ankheg
    Not a fan of greylisting at all. It's only effective against a moderate percentage of spam, generally the easiest-to-identify kind, it doesn't help much at all if you've got more than one MX, it does block a fair bit of legitimate mail, and it delays the delivery of legitimate mail, sometimes by as much as half an hour or longer (and is more dependant on the settings of the sending server than those of the receiving).
    Well may badmail archive which is a gunzip of the last 24 hours spam mail run overnight dropped a digit in size, think its safe to say its slightly better than moderatly effective ;p

    I use spamassassin with DCC/PYZOR and all the other mod/cons and actual spam hitting my mailbox has also dropped 10 fold, so spam caught by spamassassin has dropped 10 fold + an actual decrease in spam not caught by spamassassin adds up to alot of CPU time reclaimed plus less spam for me.



    In terms of effectiveness it is the single most effective method I have implemented yet, though obviously jubious of losing genuine mail, delayed mail is a small price to pay.

  16. #16
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    Just an FYI that if you choose to use SMTP banner delay on a commercial mail server, you WILL lose at least some HAM from legitimate, though poorly configured mail providers. We briefly tested this on a few servers and logged every IP dropped by the banner delay for one day. While it did block some spammers, it also blocked at least as many legitimate mailers with borderline non-compliant servers (basically, any which start sending before the greeting is complete, which includes a LOT of mailing list software). You shouldn't lose mail from long established companies with RFC compliant mail servers, but that's not everyone.

    Greylisting works pretty well, but be ready to force customers who use SMTP auth over dynamic IPs to use an alternate port unless they want to wait 5+ minutes to send mail every time their IP changes (the first time).
    http://www.srohosting.com
    Stability, redundancy and peace of mind

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •