[Greylist-users] Does Greylisting *always* work?

Evan Harris eharris at puremagic.com
Tue Jun 24 01:09:31 PDT 2003


On Mon, 23 Jun 2003, martin dempsey wrote:

> Greylisting works great. I personally haven't had SpamAssassin flag a single
> message since I enhanced exim to do greylisting (I'm sure that won't last).

I'm glad to hear it's working for you.  But you're right, the "perfect
score" won't last, but it should stay pretty effective.  I didn't get a
chance to respond to this message earlier, but I saw the followups.  There
were a couple of points I wanted to touch on though.

> through. This isn't a greylist problem per se, but without manual research
> (and fixing it for them), I would have never received an email from them
> again.

I also discovered one where a system that caused trouble was the result
of a misconfiguration, and they were happy to learn about it.  Greylisting
makes them more apparent, which could be seen as a good thing, since they're
easy to fix.

> It also appears that yahoo groups doesn't retry messages and that each
> message has a unique generated "sender email address". Looks like it might be
> a problem.

Yes, yahoo groups is a problem, because of the unique per message envelope
senders.  It's easily fixed with a whitelist entry for "66.218.66".  Maybe
if enough people start using greylisting, they'll stop doing that, but
that's probably hoping for too much.

> I also may be having a problem with a big ISP who is using a Mirapoint server
> that doesn't seem to be retrying most (but not all) messages. It identifies
> itself as " ESMTP Mirapoint 1.1.0". I've had users get "couldn't get mail
> through in 4 hrs messages, no action needed" messages back from the Mirapoint
> server even though it appears Mirapoint only attempted message delivery once.

I'd consider that bad behavior, but again, it is easily worked around with a
whitelist entry.

> Evan: In your document you state based on 346k triplets more than 97.4%
> effectiveness at bouncing spam. That was assuming all email was spam. It also
> apparently assumes all messages that didn't get through were spam. Do you have
> any idea of the number of messages incorrectly blocked that weren't spam but
> didn't get through the greylist due to people using broken/stupid MTAs or
> other problems?

Because of the fact that the emails were blocked, and due to the huge
quantity of blocked emails, it was impossible to check that.  I had to rely
on the users on my test systems reporting problems if there was mail that
was incorrectly blocked.  And as a fairly technical (and whiny... <grin>)
bunch, they did so.

All the emails reported to me as not getting through were narrowed down to
the "many servers serving a common queue" problem.  Though I coded for it
and did functional tests on it, I didn't enable the automatic /24 subnet
matching workaround on my testing systems because I was afraid it might
reduce the effectiveness.  Plus, I wanted to see how many sites that was a
problem for.

In many cases, I was able to discover sites with that problem by just
watching the debug output of the milter, but sometimes it took a complaint
to notice one if it was low volume enough.  As I discovered sites, I added a
manual whitelist entry for them so they wouldn't be a problem anymore.  The
good news is there were pretty few, less than 10 that I had to whitelist.
The bad news is (of course) that they tend to be larger sites, and so
problems with them have a bigger impact.

Evan
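
Added example, not part of the original message and not the milter's own code: a minimal in-memory greylist showing why a server farm that retries from different addresses never passes exact triplet matching, how /24 subnet matching fixes that, and why per-message envelope senders still need a whitelist entry. The class and function names, the 300-second delay, the sample traffic, and reading the "66.218.66" entry as 66.218.66.0/24 are assumptions made for illustration (IPv4 only).

```python
import ipaddress

class Greylist:
    """In-memory greylist keyed on (relay, envelope sender, recipient) triplets."""

    def __init__(self, delay=300, subnet_match=False, whitelist=()):
        self.delay = delay                # seconds a new triplet is deferred (assumed value)
        self.subnet_match = subnet_match  # key on the relay's /24 instead of its exact address
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}              # triplet -> time of the first delivery attempt

    def _relay_key(self, ip):
        if self.subnet_match:
            # Collapse every host in the same /24 to one key, so a retry from
            # a sibling server in the farm matches the original triplet.
            return str(ipaddress.ip_network(ip + "/24", strict=False))
        return ip

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one delivery attempt at time `now`."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return "accept"               # whitelisted relays bypass greylisting
        key = (self._relay_key(ip), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "tempfail"

def replay(greylist, attempts):
    """Run a list of (ip, sender, rcpt, time) attempts through a greylist."""
    return [greylist.check(*a) for a in attempts]

# Constructed sample traffic: one message retried by three servers that share a queue.
FARM = [("192.0.2.10", "alice@example.org", "user@example.net", 0),
        ("192.0.2.11", "alice@example.org", "user@example.net", 600),
        ("192.0.2.12", "alice@example.org", "user@example.net", 1200)]

# Constructed sample traffic: a list server with a unique envelope sender per
# message and no retries, sending from the range named in the message above.
LIST = [("66.218.66.5", "bounce-0001@example.com", "user@example.net", 0),
        ("66.218.66.5", "bounce-0002@example.com", "user@example.net", 600)]

if __name__ == "__main__":
    print("exact match  :", replay(Greylist(), FARM))
    print("/24 match    :", replay(Greylist(subnet_match=True), FARM))
    print("list, /24    :", replay(Greylist(subnet_match=True), LIST))
    print("list, allowed:", replay(Greylist(whitelist=["66.218.66.0/24"]), LIST))
```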


