[Greylist-users] relay identification

Evan Harris eharris at puremagic.com
Tue Jan 6 22:48:05 PST 2004 

Shorter delays still seem to be mostly effective.  I'm just waiting until
the spammers catch on and this becomes not the case.  I'm a little surprised
that they haven't already.

There are a few spammers that do seem to do a few retries before giving up.
The time before retry varies a bit, but most I have seen still seem to be in
the under 10 minute timeframe (so far).

Evan


On Tue, 6 Jan 2004, Tom Haapanen wrote:

> I'm using a an eight-minute delay, and that seems to catch more than 95%
> of the spam, based on three days of data so far.  For me, at least,
> increasing the delay to 58 minutes would significantly decrease user
> satisfaction with only a minimal gain in spam deterrence.
>
> mysql> select count(*), sum(passed_count), sum(blocked_count),
> sum(aborted_count) from relaytofrom;
> +----------+-------------------+--------------------+--------------------+
> | count(*) | sum(passed_count) | sum(blocked_count) | sum(aborted_count) |
> +----------+-------------------+--------------------+--------------------+
> |    16303 |              2053 |              16798 |                200 |
> +----------+-------------------+--------------------+--------------------+
> 1 row in set (0.20 sec)
>
> mysql>
>
> Tom
>
>
> On 2004-01-06 18:58, Tim Freeman wrote:
>
> >From: Allan E Johannesen <aej at wpi.edu>
> >
> >
> >>Prior greylist negotiations appear to mean that that IP runs an SMTP mechanism
> >>which will retry until success occurs.  Yes, it might still be spam, but I
> >>don't think greylist will do anything to it but delay it for an hour.  It's
> >>still going to hit unless the place gets blacklisted.
> >>
> >>
> >
> >The one hour delay might give spamtrap RBL's like cbl.abuseat.org a
> >chance to blacklist the spammer.
> >
> >
> >
> >>Well, to try to avoid hysteria about delayed email.  We appear to have some
> >>cases of that.
> >>
> >>
> >
> >I was thinking about reducing the delay from the default 58 minutes to
> >5 minutes to decrease the incidence of that problem (well, I'm my only
> >user, so there's no hysteria, but you know what I mean).  Then I
> >thought of the greylist delay & RBL blacklist scenario I mention above
> >and went back to 58 minutes.
> >
> >But this does raise the question -- in the absence of an RBL, does
> >anyone have reason to believe that spammers in practice get through a
> >5 minute greylist delay who won't get through a 58 minute greylist
> >delay?  If not, then the only benefit of 58 minutes over 5 minutes is
> >for the people who do an RBL first.
> >
> >
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Greylist-users mailing list
> >Greylist-users at lists.puremagic.com
> >http://lists.puremagic.com/cgi-bin/mailman/listinfo/greylist-users
> >
> >
>
> _______________________________________________
> Greylist-users mailing list
> Greylist-users at lists.puremagic.com
> http://lists.puremagic.com/cgi-bin/mailman/listinfo/greylist-users
>

More information about the Greylist-users mailing list