Re: Which greylist milter is least maintenance
Jim Britain wrote:
I am going to implement greylisting in a sendmail milter.

Which is the most maintenance free in a business environment?
One mail server, 100 addresses, about 14,000 active customer
correspondents. Average daily message volume of 1,200 valid messages
after removing the 92% of spam/UCE.

I'm shooting for removing the additional 150-200 spam messages a day
that get through.

I'm considering:
milter-greylist, graymilter, milter-gris, and smf-grey.

My experience with greylisting has not been particularly good. Technically it works great, but end users seem to be endlessly annoyed with it. It has some surprising consequences, and delayed mail is commonplace (leading to annoyed users).

If you have multiple mail servers and MX records, a sending system, on receiving a tempfail, will try the next. If that also has greylisting it will move to the next until it has exhausted your MX list. It will then queue the message and try later. Sometimes very much later, but that is out of your control.

If you have greylisting enabled on one but not all MX servers you effectively have no greylisting for sending systems that are smart enough to retry. Newer spambots don't give up after one try as did first gen spambots.

If you have greylisting on all your systems and they each maintain their own database, you effectively have greylisting from hell. Some messages may never get through in a time frame that is meaningful to the recipient. Depending on how you track the sending systems, of course. Here's the greylisting from hell scenario I have seen most frequently. Mail comes from (fictitious domain to make a point) example.com. Example.com has 60 mail servers. At any particular queuing run any one of the 60 may try to deliver the previously greylisted message. Until all 60 systems have been recorded in your local database that message is effectively blocked. An interesting problem is when example.com's mail servers are in multiple domains. You can't simply whitelist example.com because some of their servers are not in example.com. So remember too that all your MX servers maintain their own greylist database, so this has to happen on every one of your servers. That can take a while.

My solution has been to use J-Chkmail (http://j-chkmail.ensmp.fr/) for my anti-spam milter because it includes greylisting using a tcp/ip connected j-greyd database daemon that all the mail servers can talk to - one database for all servers. It also provides Bayesian filtering, an internal hook to Clamd over unix or tcp/ip sockets, regex content filtering, URL blacklisting, behavioral analysis (open connections, connection rate, bad MX records, etc).

To keep the user base happy it was necessary to whitelist all the major ISPs, all B2B partners, all the big mail handlers like Postini, and of course all your own networks. In addition you have to whitelist certain recipients. Sales people don't like to have sales opportunities delayed for even a second. They would rather deal with spam than miss a sale.

Surely there are other solutions and even other problems.

dp
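The "greylisting from hell" effect above can be put in numbers with a small simulation. This is an added example, not code from the thread or from any of the milters named in it; it assumes a sending domain with a pool of outbound hosts, each retry of the queued message made by a random one of them to a random one of our equal-preference MX hosts, and a classic greylist that tempfails the first contact from an unknown sending host and accepts the next attempt from a host it has already recorded (retry timing windows and entry expiry are left out).

```python
import random
from statistics import mean


def attempts_until_accepted(n_senders, n_mx, shared_db, rng=None):
    """Return the number of delivery attempts until one passes the greylist.

    Constructed model: n_senders outbound hosts at the sending domain,
    n_mx receiving MX hosts. With shared_db=False every MX keeps its own
    greylist database, so a sending host has to be seen by the particular
    MX it retries against; with shared_db=True all MX hosts consult one
    database (the j-greyd style of setup), so any MX knows the host after
    a single tempfail anywhere.
    """
    rng = rng or random.Random(0)
    seen = set()                       # recorded sending hosts, or (host, mx) pairs
    attempts = 0
    while True:
        attempts += 1
        sender = rng.randrange(n_senders)   # whichever queue runner fires this time
        mx = rng.randrange(n_mx)            # whichever MX it happens to pick
        key = sender if shared_db else (sender, mx)
        if key in seen:                     # host already recorded: 250, message delivered
            return attempts
        seen.add(key)                       # unknown host: 4xx tempfail, record it


def average_attempts(n_senders, n_mx, shared_db, trials=500, seed=1):
    """Average attempts over many queued messages, deterministic for a seed."""
    rng = random.Random(seed)
    return mean(attempts_until_accepted(n_senders, n_mx, shared_db, rng)
                for _ in range(trials))


if __name__ == "__main__":
    # The post's example: a sending domain with 60 mail servers.
    for n_mx in (1, 3, 5):
        per_mx = average_attempts(60, n_mx, shared_db=False)
        shared = average_attempts(60, n_mx, shared_db=True)
        print(f"60 sending hosts, {n_mx} MX: per-MX databases {per_mx:.1f} attempts, "
              f"shared database {shared:.1f} attempts")
```

With one MX the two modes are identical; as the MX count grows, per-MX databases multiply the number of (host, MX) pairs that have to be learned before a retry lands on a server that already knows the sender, which is the delay the users complain about.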
