Greylisting

For a while I’ve been using limited greylisting on my mail server with reasonably good success.

Last weekend I implemented it site-wide, and I have to say the results are dramatic. The amount of spam (even low rated by SpamAssassin) has dropped off significantly.

Detailed information on greylisting can be found here, but in a nutshell:

Greylisting relies on the fact that spammers don’t use normal mail servers. Basically, the first time a mail server receives a mail delivery request, it responds with a soft failure … with a message indicating that greylisting is in effect and that the sender should retry the delivery in a certain amount of time (this is a human-readable message, not machine-readable). Since normal mail servers will accept this response and requeue the email for delivery, the email will then be delivered normally (probably on the next pass).

Spammers aren’t that persistent, so they just go on to their next target.

A good greylisting implementation retains the list of servers that have successfully delivered in a whitelist, so the next time they try to deliver there is no delay; the delay is only encountered once.

One downside of greylisting that I’ve found is that there is an increased chance of messages arriving out of order when a server tries its first message delivery. The reason is this … the first message delivery will be attempted and be rejected due to greylisting; if a different message delivery is attempted AFTER the greylisting delay has expired but BEFORE the first message is delivered, then the second message will be delivered and will be out of context.

I’ve got my mail server configured to greylist servers for only 2 minutes … so the next time the server tries to deliver, it’s almost certain to be successful.

I’m using milter-greylist with sendmail. It was easy to set up and works great.
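
The decision logic described in this post, as an added Python example (it is not milter-greylist's code and not part of the original post). It assumes the greylist is keyed on the sending server's IP and uses the 2-minute delay mentioned above; the timeline is constructed to show both the one-shot sender that never gets through and the out-of-order delivery.

```python
from dataclasses import dataclass, field

DELAY = 120  # seconds: the 2-minute greylisting delay used in the post


@dataclass
class Greylist:
    """Greylist keyed on the sending server's IP (assumption for this sketch)."""
    delay: int = DELAY
    first_seen: dict = field(default_factory=dict)  # server -> time of first attempt
    whitelist: set = field(default_factory=set)     # servers that retried after the delay

    def check(self, server: str, now: int) -> str:
        """Return 'accept' or 'tempfail' for a delivery attempt at time `now`."""
        if server in self.whitelist:
            return "accept"              # known server: no delay at all
        seen = self.first_seen.setdefault(server, now)
        if now - seen < self.delay:
            return "tempfail"            # soft failure: a real MTA requeues and retries
        self.whitelist.add(server)       # came back after the delay: remember it
        del self.first_seen[server]
        return "accept"


def replay(attempts, greylist):
    """Replay (time, server, message) attempts; return messages in delivery order."""
    delivered = []
    for now, server, message in sorted(attempts):
        if greylist.check(server, now) == "accept":
            delivered.append(message)
    return delivered


# Constructed timeline (seconds). Addresses are from documentation ranges.
ATTEMPTS = [
    (0,    "192.0.2.10",   "msg-1"),   # first contact: deferred
    (5,    "198.51.100.7", "spam-1"),  # one-shot sender: deferred, never retries
    (150,  "192.0.2.10",   "msg-2"),   # new message after the delay: accepted
    (900,  "192.0.2.10",   "msg-1"),   # queue retry of msg-1: arrives after msg-2
    (1000, "192.0.2.10",   "msg-3"),   # whitelisted now: accepted immediately
]


def demo():
    greylist = Greylist()
    return replay(ATTEMPTS, greylist), greylist


if __name__ == "__main__":
    print(demo()[0])
```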


3 thoughts on “Greylisting”

  1. Pelle

    Greylisting is indeed the most effective weapon against spam that I have found. We implemented it on our server about a year ago and saw an immediate drastic decline in spam levels. The only real annoyance is that it sometimes takes a bit of time for mail to appear from a new sender.

    We use an OpenBSD server with qmail and OpenBSD’s built-in Spamd honeypot. Anyone blacklisted by the grey list gets stuck in the spamd server for 20 minutes or so, which at least slows them down a bit.

  2. Cris Daniluk

    Isn’t this one of those tools that is effective now, but effectively worthless once everyone adopts it? It’s so easy to work around (just try again) that spammers will do so as soon as it impacts their ability to reach inboxes.

  3. david

    Well, the technique depends on the fact that spammers don’t want to hang around long enough to be identified … so if they can’t deliver the spam fast, they won’t deliver it at all.
