For a while I’ve been using limited greylisting on my mail server with reasonably good success.
Last weekend I implemented site wide and I have to say the results are dramatic. The amount of spam (even low rated by spamassassin) has dropped off significantly.
Detailed information on greylisting can be found here, but in a nutshell:
Greylisting relies on the fact that spammers don’t use normal mail servers. Basically, the first time a mail server receives a mail delivery request, it responds with a soft failure … with a message indicating that greylisting is in effect and they should retry the delivery in certain amount of time (this is a human readable message, not machine readable). Since normal mail servers will accept this message and requeue the email for delivery, the email will then be delivered normally (probably on the next pass).
Spammers aren’t that persistent, so they just go on to their next target.
A good greylisting implementation retains the list of servers that have successfully delivered in a whitelist, so the next time they try to deliver there is no delay, the delay is only encountered once.
One downside of greylisting that I’ve found is that there is an increased chance of messages arriving out of order when a server tries it’s first message deliver. The reason is this … the first message delivery will be attempted and be rejected due to greylisting, if a different message delivery is attempted AFTER the greylisting delay has expired but BEFORE the first message is delivered, then the second message will be delivered and will be out of context.
I’ve got my mail server configured to greylist servers for only 2 minutes … so the next time the server tries to deliver, it’s almost certain to be successful.
I’m using milter-greylist with sendmail. It was easy to setup and works great.
[tags]spam, sendmail, greylisting, milter[/tags]