Thanks to Erik for pointing me in the right direction and getting me
started on this. I don't know if this will materialize or not, but
here's what I've found to this point.
Greylisting has reportedly had much success in the spam war. There are
benefits, but there are also drawbacks. There are many web references
which discuss the situation. Here is a brief summary:
Benefits:
.) spam is rejected at the smtp layer, which translates into substantial
savings in bandwidth and server resources (load)
.) very high rate of rejection (at least for now)
.) little impact on users and administrators to implement
.) no false positives
Drawbacks (summary):
.) delay in receiving first-time correspondence
.) first-time becomes every-time for some list mailers, ezmlm in particular
.) all mail servers in a domain must implement greylisting for it to be
effective
While greylisting is not a replacement for existing spam fighting tools,
it's a nice addition to the arsenal and makes some existing tools more
effective. While the drawbacks are considerable, there are ways of
dealing with them that are manageable. I've concluded that I'd like to
see greylisting as a feature of the Toaster.
I proceeded to search for existing greylist software that would fit well
in the Toaster. There are a lot of solutions available (I won't go into
details here), but only one that I thing might fit well with the
Toaster. It's available from Bill Shupp (http://www.shupp.org), who made
the qmail and clamav patches.
Bill notes on his website that this patch is EXPERIMENTAL. Has anyone
here experimented with it at all? Is there any reason why we (I?)
shouldn't give it a try?
I also found a nice additional patch at http://www.dewmill.com/qmail.html
which apparently allows for per-user control of virus scanning,
greylisting, and acceptable recepients. I'd like to see this patch added
in conjunction with greylisting. It would allow for easier phased-in
implementation of greylisting, while providing other per-user tailoring
as well.
Erik mentioned previously that most qmail greylisting patches do not
work properly in conjunction with smtp-auth. Does anyone know if this
also the case or not with these patches?
I'm interested to know what anyone thinks of this (especially J/E/N). I
don't want to delve further into this without some sort of group
consensus. TIA for your input.
P.S. The problem with ezmlm will be taken up later in a separate thread.
It may or may not still be a concern, but has no bearing on implementing
greylisting with qmail (the toaster).
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
