[Mimedefang] Justifying greylisting to management

Gary Schrock lists at eyelab.psy.msu.edu
Mon Feb 27 12:52:38 EST 2006


Jeff Rife wrote:
> This is why I turned to this group of experienced mail admins. I need
> a way to justify occasionally delaying good e-mail to people who have 
> already said that occasionally *blocking* good e-mail (and thus 
> *really* delaying it) is acceptable.
>   

Now that's an interesting attitude for them to have.  Personally, my 
guess is that you're not going to have a lot of luck, if they can't look 
at their own argument there and see that it's somewhat weird.

My 2 cents on greylisting:  I run a small site (like 30-40 users) for 
our lab, largely because many years ago we found that relying on the 
university servers was unpleasant at best (they're better now, if not 
perfect).  Unfortunately, that also means that in general email is 
pretty much instantaneous, and my users have come to expect that.  We 
tried greylisting out a while back, and for the most part it flowed 
pretty smoothly; however, I also didn't really feel it was doing a 
significant job of stopping the incoming spam onslaught.  It certainly 
didn't seem to reduce the number of false negatives that we were getting 
(this would have been with an older SA version that we still got a 
reasonable number of false negatives with).  That wouldn't have been a 
huge deal, but then I started noticing that some people were having 
problems getting through at all, even after they should have been 
whitelisted by the greylisting system.  After some investigation, it 
appeared that our greylisting db had gotten corrupted.  I reset it, and 
we gave it another try, but eventually we ended up with the same problem 
again.  I never really had the time, nor the inclination (since it 
seemed to be limited in effectiveness anyways) to track it down, and we 
ultimately just removed the system.  Now, running a current SA and using 
some of the SARE rules, we get far fewer false negatives than we ever 
did, and I'm not sure I've seen a false positive in a while, so we have 
even less incentive to run greylisting.  (Note, our hardware is far more 
than we need for its purpose, so a resource issue that may cause others 
to consider it isn't a problem for us).

Long story short?  My personal opinion is that a decent spam setup may 
make greylisting of limited use, and don't ever trust anything important 
to the Berkeley DB system that comes with FreeBSD.

Gary Schrock


