I don't think the RFCs specify any time limit. Most timeout after 5 days
of trying. We run 3 equivalent scanning machines, which requires us to
run a greylisting that will sync between them. That could cause a large
delay, if the sending machine tries to send to a different host that
isn't synced. Messages that aren't sent from the same machine (SMTP
farms like at GMail) can cause trouble as well, since the IP will
change. The whitelist usually will timeout after a period of time, so
there is a delay that may be induced again in the future, but that
depends on setup.
If a sensitive piece of mail needs to get through, it may be possible
for the user to send the message again after the delay period has
elapsed. This would be a new message, but if it leaves the same IP, with
the same from and to pair (or however your greylisting works), it would
fire right on through the greylist no problem. Not a perfect solution,
but should work for rare occasions.
One probably can whitelist recipients or recipient domains so that they
are not affected by greylisting.
Last week greylisting stopped 1.3 million messages, which is after the
blacklists and greet pause did their significant work.
Richard
Joey wrote:
One thing I have seen having greylisting on all 3 of my production email
servers (about 4 months now) is that it definatly stops a lot of spam,
HOWEVER I am seeing time sensative stuff take crazy amounts of time to be
delivered. I am seeing 1/2 hour as the average, not the 5 minutes we are
hoping for, and in a few cases we have seen a message delivered literally
DAYS later, which what I thought was against what the RFC's specify, but
it's what's happening. I had to move 1 client OFF our main servers onto a
reseller plan in order to accommodate getting them off of the greylisting.
Personally I get about 40 fewer spam messages a DAY because of greylisting
and I am not willing to give it up just yet.
Joey
-----Original Message-----
From: John Andersen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 21, 2006 11:10 PM
To: users@spamassassin.apache.org
Subject: Re: Greylisting
On Tuesday 21 November 2006 06:02, [EMAIL PROTECTED] wrote:
I'm afraid you're right on this one.
Of course the spammers read this very list - and they have already
started to implement "anti greylisting" meassures...
It's just a matter of time before they see too little success rate
when they read the bot stats and start to circumvent greylisting too
:(
I have yet to try greylisting on a real production system. I am
concerned about the 5-15 mins. delay because we have some sensitive
customers that are already on their toes. But with the right set of
arguments I'm sure I can convince even the "worst" customer that
greylisting is a good thing...
still.
As I understand it, greylisting does not affect anything except the FIRST
attempt. From there on, it goes through as fast as ever.
Or am I wrong?
--
_____________________________________
John Andersen
--
Richard Frovarp
EduTech System Administrator
1-701-231-5127 or
1-800-774-1091
