Tag Archives: greylisting

Greylisting – the results


And, here are the results. You can, I’m sure, immediately pick out the point where I turned on the greylisting service. It’s not a complete solution – I still get some spam – but you can see from the graph that I’m getting around 1/3 as much inbound mail as I was getting before.

It’s even more pronounced if you look at the month view.

Notice that it affects the sent, as well as received, because so much of my outbound email was reject and bounce messages.

Greylisting

For quite some time, I’ve wanted to implement greylisting on my mail servers. But, to be honest, every time I looked at the greylisting howtos, they just made me feel stupid. Rather than telling me what to do to implement greylisting, they’d discuss the benefits of greylisting, and link to three other tutorials that did much the same thing. Some of them would partially describe an implementation, and leave the actual details to you, or perhaps reference a Perl script that may or may not be included in your particular MTA, and here’s a partial copy of it which may or may not work.

So, every time I tried to implement it, I ended up giving up in disgust.

I’ve just discovered Greyfix, which is a greylisting policy daemon that gets enabled by adding a line to main.cf, and one to master.cf. It took me 5 minutes to download, compile, and enable, and I have received TWO pieces of spam since I enabled it, while still receiving all of my regular email that I expected to receive. It is, by far, the most effective spam prevention measure I have ever implemented, bar none.

The basic premise of greylisting is that when someone sends you email, rather than accepting it, you say “why don’t you try that again a little later, ok?” If it’s a spammer, they’re trying to deliver millions of messages a minute, and they don’t have time to come back and try later. If it’s legitimate email, it gets put in the queue, and redelivered later. So it’s delayed a little, no big deal. If it’s someone that sends you a lot of email, then once they’ve successfully delivered something, they get put on the approved list, and don’t have to wait the next time. The consequence is that almost all spam gets dropped as undeliverable, and everything that came from an actual mail server gets delivered.
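The defer, retry and approve cycle described above, as an added example that is not Greyfix's code and not from the original post. It answers requests in Postfix's policy delegation format; the triplet key, the 300-second delay, the 4-hour pending window and all class and function names are assumptions made for illustration.

```python
# Added illustration of the greylisting decision; not Greyfix's source code.
DELAY = 300             # assumed: seconds a new sender must wait before retrying
PENDING_TTL = 4 * 3600  # assumed: an unretried first attempt is forgotten after this


def parse_request(text):
    """Parse one Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self):
        self.first_seen = {}   # triplet -> time of first delivery attempt
        self.approved = set()  # triplets that have already retried successfully

    def decide(self, attrs, now):
        """Return the Postfix access action for one RCPT TO request."""
        # Assumed key: the (client address, sender, recipient) triplet.
        triplet = (attrs.get("client_address", ""),
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        if triplet in self.approved:
            return "dunno"  # on the approved list: no delay this time
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > PENDING_TTL:
            self.first_seen[triplet] = now  # new (or stale) sender: start the clock
            return "defer_if_permit Greylisted, please try again later"
        if now - seen < DELAY:
            return "defer_if_permit Greylisted, please try again later"
        del self.first_seen[triplet]  # retried after the delay: a real mail queue
        self.approved.add(triplet)
        return "dunno"  # no objection; Postfix continues with its other checks


def respond(greylist, request_text, now):
    """Build the complete policy response for one raw request."""
    return "action=%s\n\n" % greylist.decide(parse_request(request_text), now)


# Constructed sample request, in the format Postfix sends to a policy service.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsender=alice@example.org\n"
          "recipient=me@example.net\n\n")
```

A sender that never retries stays in `first_seen` and never reaches `approved`, which is why fire-and-forget spam is dropped while queued mail from a real server gets through on its next attempt.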

A very simple concept, and it’s always frustrated me that it was so difficult to actually implement. Turns out I was just looking at the wrong implementation.