[Greylist-users] some comments on spamd

Eric Brunson brunson at brunson.com
Tue May 31 11:30:44 PDT 2005


Ronald Oussoren wrote:

>
> On 31-mei-2005, at 19:17, Graham Toal wrote:
>
>> A final update on my saga of building a greylist server using spamd...
>>
>> It has been live in front of the University of Texas Pan American for
>> two weeks now.  I am using greylisting plus a small list of blacklisted
>> IPs which I built myself by observing the traffic hitting the greylist
>> and then checking each IP against other blacklists to make sure they
>> were indeed bad networks.
>>
>> We have cut down incoming spam by 90%.  We now get one spam per good
>> mail instead of 10 spams per good mail.  We reject over 80,000
>> *connections* per day from spammers, and presumably far more actual
>> spam deliveries than that (as many of the connections would have sent
>> to every user on campus - 15,000+)
>
>
> Do you, or anyone else, have any indication on the amount of false
> positives with greylisting? I've disabled greylisting on a site because
> several people complained that their mail didn't get through. It seems
> that some mailers are confused by a 4xx result at an unexpected location
> and drop that e-mail.
>
> That is of course a bug in the sending MTA, but I find disappearing
> e-mail highly disconcerting even if it is only a very, very tiny fraction
> of all e-mail.
>
> If it weren't for those disappearing e-mails I'd never disable greylisting,
> we also got a 90+% decrease in the amount of incoming spam and e-mail
> viruses.
>
> Ronald


I've personally had no reports of lost mail from any of my customers. 
We handle about 6000 connections and deliver about 1000 pieces of email
a day.

I agree with you that disappearing mail is a disturbing problem, but a
failure to correctly handle a soft (4xx) failure is a *very* bad thing. 
Just this weekend I ran out of space in my queue directories and
postfix, independent of greylisting, started issuing soft errors because
it couldn't spool the incoming mail.  The volume of mail that could have
been lost would have been ugly.  There are many other reasons why a
well-behaved MTA *needs* to issue a 4xx error and failure to properly handle
that condition would result in lost email.

You could give that as a valid argument as to why these upstreams need
to fix their MTAs.

Just my thoughts.
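
[Added example, not part of the original message and not spamd or postfix code: a small simulation of the behaviour discussed in this thread, showing a greylisting receiver that answers a new triplet with 451 and what happens to a sender that requeues on 4xx versus one that drops the message. The delay, retry interval, function names and sample addresses are assumptions made for the illustration.]

```python
# Added illustration; timings and names are assumptions, not spamd's settings.
from dataclasses import dataclass, field

GREY_DELAY = 300      # assumed: seconds a new triplet must wait before passing
RETRY_INTERVAL = 900  # assumed: sending MTA's queue retry interval in seconds


@dataclass
class Greylist:
    """Minimal greylisting receiver keyed on (client IP, MAIL FROM, RCPT TO)."""
    first_seen: dict = field(default_factory=dict)

    def rcpt(self, triplet, now):
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < GREY_DELAY:
            return 451  # soft failure: sender is expected to try again later
        return 250      # triplet has waited long enough: accept


def classify(code):
    """How a sending MTA should treat an SMTP reply code."""
    if 200 <= code < 300:
        return "delivered"
    if 400 <= code < 500:
        return "requeue"   # transient (greylist, full spool, ...): keep and retry
    return "bounce"        # 5xx: permanent, report back to the author


def send(receiver, triplet, retries_on_4xx, max_attempts=5):
    """Simulate one message; returns (outcome, attempts made)."""
    now = 0
    for attempt in range(1, max_attempts + 1):
        action = classify(receiver.rcpt(triplet, now))
        if action != "requeue":
            return action, attempt
        if not retries_on_4xx:
            return "lost", attempt   # the sender bug described in the thread
        now += RETRY_INTERVAL
    return "expired", max_attempts


if __name__ == "__main__":
    # Constructed sample triplets using documentation address ranges.
    good = ("192.0.2.10", "alice@example.org", "bob@example.edu")
    buggy = ("192.0.2.20", "carol@example.org", "bob@example.edu")
    print(send(Greylist(), good, retries_on_4xx=True))
    print(send(Greylist(), buggy, retries_on_4xx=False))
```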



