[Mimedefang] greylisting does it still work?

Jeff Rife mimedefang at nabs.net
Tue Apr 17 14:03:11 EDT 2007


On 17 Apr 2007 at 15:58, Jonas Eckerman wrote:

> Wayne wrote:
> > So did you set up a modified greylist for your filter_relay that rejects 
> > all the hosts that you have never seen? Then you add that hostname to a 
> > database table and then the next time they connect after 10 seconds you 
> > let them in.
> 
> Yes, that description fits quite well.

I can't see how this will stop anything more than greylisting by 
itself.

If a host retries, this just means they would have to try 3 times.  If a 
host doesn't retry, then greylisting by itself would weed them out, 
although you would have to run filter_helo, _sender, and _recipient, 
but those aren't generally expensive.

From my database, it looks like filter_helo catches a lot of them 
anyway.  Of 4736 IPs with a single connection to my MX servers, 2558 
were rejected in filter_helo, and 95 were from server farms where they 
were within the same /24 as a greylisted entry.  That's more than half 
that are either legitimate or were rejected early anyway.

I also like the fact that _helo, _sender, and _recipient allow you to 
delay the response back to the client, which _relay does not permit.  I 
delay rejections by 20 seconds (but I tempfail immediately).


--
Jeff Rife |
          | http://www.nabs.net/Cartoons/OverTheHedge/VelveetaAndRotel.gif
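
Added example (not part of the original post and not MIMEDefang code): a small Python model of the two policies compared in this message, counting how many delivery attempts a client needs before it is accepted. The 300-second greylist delay, the /24 triplet key, the per-IP relay gate, the 600-second retry interval and the verdict strings are assumptions of this sketch.

```python
import ipaddress

class Greylist:
    """Triplet greylist keyed on the client's /24, optionally behind a
    relay-stage gate that defers any host on its first connection."""

    def __init__(self, min_delay=300, relay_gate=False, gate_delay=10):
        self.min_delay = min_delay    # assumed greylist delay (seconds)
        self.relay_gate = relay_gate  # model the filter_relay "never seen" check
        self.gate_delay = gate_delay  # the 10 seconds mentioned in the thread
        self.hosts = {}               # ip -> time first seen at relay stage
        self.triplets = {}            # (net/24, sender, rcpt) -> time first seen

    def attempt(self, now, ip, sender, rcpt):
        if self.relay_gate:
            first = self.hosts.setdefault(ip, now)
            if now - first < self.gate_delay:
                return "TEMPFAIL(relay)"
        # Key on the /24 so a retry from a sibling server-farm IP still matches.
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        key = (net, sender.lower(), rcpt.lower())
        first = self.triplets.setdefault(key, now)
        if now - first < self.min_delay:
            return "TEMPFAIL(greylist)"
        return "CONTINUE"

def attempts_until_accepted(gl, ips, retry_every=600, max_tries=5):
    """Constructed client: retries every retry_every seconds, rotating through ips.
    Returns the 1-based attempt that was accepted, or None if it never got in."""
    for n in range(max_tries):
        verdict = gl.attempt(n * retry_every, ips[n % len(ips)],
                             "sender@example.org", "rcpt@example.net")
        if verdict == "CONTINUE":
            return n + 1
    return None

if __name__ == "__main__":
    one, farm = ["192.0.2.10"], ["192.0.2.10", "192.0.2.77"]  # constructed IPs
    for label, gate in (("greylist only", False), ("relay gate + greylist", True)):
        print(label,
              "| retrying host:", attempts_until_accepted(Greylist(relay_gate=gate), one),
              "| no retry:", attempts_until_accepted(Greylist(relay_gate=gate), one, max_tries=1),
              "| /24 farm:", attempts_until_accepted(Greylist(relay_gate=gate), farm))
```

In this model a host that never retries is refused under both policies, and a sender that rotates between two addresses in one /24 needs four attempts once the per-IP gate is added.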
