Logan Shaw wrote:
Basically, greylisting has an achilles heel: legit messages from unknown senders are delayed a long time. This is fine for
Only if you use a long delay. In my experience a grey period of 3 minutes is enough to stop most spam and viruses. Especially if you combine it with some anti-dictionary stuff. And (also in my experience), greylisting is still pretty effective even if you simply whitelist the sending host for a week (or longer) after a mail has made it past the greylist. This way only a few mails from each hosts will be delayed, and usually they will be delayed about 10 minutes. This might be more acceptable than long delays for most mail... Some people even do away with the delay and let everything through on the second attempt. This still stops a lot.
on it. If it comes up with a very low score (almost definitely not spam), let it pass. If it comes up with a very high score (almost definitely spam), drop it right away. If it comes up with an indeterminate score, apply the greylisting approach and delay it until later.
This can be done with MIMEDefang without implementing the actual greylist in SA. I suspect there are other solutions as well that can do this. Sure, it could be done in SA, but are the benefits big enough for enough people? I don't know. Maybe they are. Regards /Jonas -- Jonas Eckerman, FSDB & Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/