[Mimedefang] greylisting does it still work?
Jeff Rife
mimedefang at nabs.net
Mon Apr 16 19:48:58 EDT 2007
On 16 Apr 2007 at 17:49, Wayne wrote:
> I have started to receive a bunch of spam in the last couple of weeks and
> looking at the messages and headers I can't seem to find a way to get them
> blocked. I was wondering if greylisting is still affective?
It is still effective, depending on your use pattern. For me, though,
bad HELO blocking is the #1 blocker, with other "RFC-based" blocks
second. From the last two weeks:
Pre-greeting traffic: 164
Connection rate limit: 159
Connection count limit: 13
Temporary blacklist: 30
Greylist delays: 758
Whitelist exceptions: 1198
Bad HELO blocked: 951
(IP address): 256
(not FQDN): 614
(spoofing): 81
Failed relay attempts: 37
Sender domain doesn't exist: 156
Unknown recipient: 176
(INN msg IDs): 130
Mail accepted: 1388
Virus e-mail dropped: 25
High value SPAM dropped: 83
SPAM e-mail detected: 15
As you can see, of the 1388 messages that made it to the data phase,
1198 of them were from the whitelist (either pre-loaded or discovered).
That means that only 190 messages made it through the greylist, with
568 being stopped (Greylist delays - 190 = the number that retried).
For me 568 messages that almost certainly were spam is a lot (nearly
30% of the total 1956 that would have made it to the data phase).
Add in the bad HELO, and just those two methods are blocking 49% of
total e-mail, all before any expensive checks are run. Overall, I'm
blocking 73% of e-mail with all the early, fast checks.
The "temporary blacklist" is for messages that get rejected as high
value spam or viruses, which get put in the database as a blacklist
entry with an expiration based on how "bad" the behavior was.
--
Jeff Rife |
| http://www.nabs.net/Cartoons/OverTheHedge/Workaholic.gif
More information about the MIMEDefang
mailing list