[Mimedefang] Greylist effectivness? (was: Greylisting and RelayDB)
Jonas Eckerman
jonas_lists at frukt.org
Sat Dec 6 20:15:36 EST 2003
On Sat, 6 Dec 2003 16:02:50 +0100, Jonas Eckerman wrote:
> * a greylist implementation
As an illustration of why greylisting can help, here's the current state of my greylist:
http://whatever.frukt.org/graphdefang/?view=_totals_#Current_500_Greylist.png
Black means that no mail ever came in through the window a triplet got, white means one or more mails came thorugh.
This is with only a 10 minute block for each triplet, a 36 hour window (minus the 10 minutes) and a 36 days extension of the window whenever a mail pases through. I'm also listing only the domain parts of sender addresses (due to all those mailing lists that uses a diferent "user" part for every mail) and only the first three octets of the sending relays (to handle load balanced server parks and such). And of course our secondary MX server is whitelisted.
A pretty mild greylist, but a majority of the triplets still never come back. Wonder how much of the stopped stuff is spam and how much is virii/worms...
/Jonas
--
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/
More information about the MIMEDefang
mailing list