Feature Request: Greylisting
mikek
Senior Member Joined: 22 February 2005 Location: Switzerland Status: Offline Points: 133 |
Posted: 03 July 2007 at 4:41am
Could we pick up on the greylisting topic once more?
We've just purchased a Merak Mailserver License which has Greylisting built-in. We've been testing it with a few of our domains and I must say that greylisting works very well and takes such a load off the server that I really would like to see it implemented in Spamfilter as well. About 90% of today's spam is caught by the greylist alone, meaning the server will never have to go beyond the RCPT TO: command, saving bandwidth and resources, since all the other filters do not have to be processed.
Think about it, a greylisting implementation is not complicated...
Cheers, Mike
Desperado
Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
What about customers that expect instant delivery of messages? Some people use email almost like IM.
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com
mikek
Senior Member Joined: 22 February 2005 Location: Switzerland Status: Offline Points: 133 |
1. the filter would have to be configurable per domain, just like the other filters
2. an ip bypass for well known or misbehaving mailservers could as well be easily implemented
3. greylisting only introduces a delay on the first communication between a distinct sender and recipient. After that, there is no more delay for a configured amount of time.
Again, I really like the idea behind greylisting. The implementation is easy, there is (practically) nothing to configure and it saves quite some bandwidth and cpu resources...
Desperado
Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
I really do understand your reasons and request but our experience with outside services that graylist is that it causes an undue burden on our outbound server queue. Also, our outbound server only retries every 4 hours and some graylist supported servers seem to think that the message is new after 4 hours and re-graylists it so that it never goes out and we get many support calls that messages that our customers sent, never arrived. (Talk about a run-on sentence!). I actually get rather irritated at servers that graylist us for the above mentioned reasons.
Having said that, it might be worth trying but I think it would be hard to quantify the benefits. Perhaps a user configured delay to the initial SMTP connection would be a compromise as I do see that "Spam Blast" servers appear to be less patient waiting for the initial 220 response than most mail servers.
Just my 3.5 cents
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com
WebGuyz
Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Dan, I find most large ISPs implementing greylisting (like Yahoo and AOL) and have set my outbound server retry to 2,10,30,60 & 90 minutes. I was getting complaints about Yahoo mail taking forever to be delivered. I'm surprised your users haven't complained. I think the SFE version of Greylisting should include checking the autowhitelistforceddelivery file as well as doing its triplet check. My 5.0 cents ;-)
http://www.webguyz.net
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
We are including the greylisting filter in SpamFilter, most likely it will be disabled by default so as to not cause problems to admins who do not wish to use it.
While we can't promise this yet, we will of course be trying to make it configurable per domain. We also don't think the full implementation of greylisting, as described in its documentation, is an optimal solution, so we'll be making some changes ourselves to improve it, as Desperado already hinted about some of the problems this may cause.
The new wave of PDF spam took precedence, and developing a new filter for this has slowed greylisting implementation a bit. We hope we'll have a beta within a few weeks.
mikek
Senior Member Joined: 22 February 2005 Location: Switzerland Status: Offline Points: 133 |
Well that's great news! Looking forward to the beta already! :-)
Cheers, Mike
Desperado
Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
My normal queue is around 5-10K messages so a 2 minute or even a 30 minute retry is not an option. We have it set at 2 hours which is the optimal for our outbound mail.
They have, in fact, complained but when we queue up 5000 messages to yahoo due to the graylisting ... and then we do a flush and they get blocked for "too many connections" error from yahoo, this is a problem. I thought gray listing was a good idea until we started becoming victims of the above situation. Good idea ... crappy implementation.
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com
mikek
Senior Member Joined: 22 February 2005 Location: Switzerland Status: Offline Points: 133 |
Any news from the greylisting filter feature front? :-)
Edited by mikek - 26 October 2007 at 9:53am
WebGuyz
Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Roberto said they were working on it but ran into problems with syncing triplet info between multiple SFE servers. Would be good to get an update....
http://www.webguyz.net
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
"Unfortunately" we were having good results with a single SpamFilter, but to maximize performance, all the caching needs to be done in memory. This became a problem with multiple instances of SpamFilter however, as it was impossible to share the memory cache fast enough among multiple servers.
Having separate greylisting caches for multiple servers could cause an IP to be "allowed" on one server, but be "greylisted" on another. This could in turn cause a remote server to fail the delivery due to too many retries, if the retries keep going to different servers. Our only option would be to implement greylisting, but only for single-server configurations, but we are afraid this would cause too many complaints from customers who deployed multiple SpamFilters.
...opinions are welcome!
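Added example, not part of the thread and not SpamFilter's or Merak's code: a minimal in-memory triplet greylist in Python that replays the two failure modes raised above, a sender whose retry interval is longer than the greylist remembers a deferred triplet, and retries that alternate between servers with separate caches. The class and function names, the timing defaults, the sample triplet, and the reading of retry schedules as offsets from the first attempt are all assumptions.

```python
# Added illustration, not SpamFilter or Merak code. All timing defaults are assumptions.
class Greylist:
    def __init__(self, min_delay=300, pending_ttl=4 * 3600,
                 pass_ttl=36 * 86400, bypass_ips=()):
        self.min_delay = min_delay      # retries sooner than this stay deferred
        self.pending_ttl = pending_ttl  # unconfirmed triplets are forgotten after this
        self.pass_ttl = pass_ttl        # confirmed triplets skip the delay this long
        self.bypass = set(bypass_ips)   # per-IP bypass for known mail servers
        self.seen = {}                  # triplet -> (first_seen, confirmed_at)

    def check(self, ip, mail_from, rcpt_to, now):
        """Decide one attempt at RCPT TO: 'accept' or 'defer' (temporary 4xx)."""
        if ip in self.bypass:
            return "accept"
        key = (ip, mail_from.lower(), rcpt_to.lower())
        first, confirmed = self.seen.get(key, (None, None))
        if confirmed is not None and now - confirmed <= self.pass_ttl:
            return "accept"
        if first is None or now - first > self.pending_ttl:
            self.seen[key] = (now, None)   # new triplet, or the pending entry expired
            return "defer"
        if now - first < self.min_delay:
            return "defer"
        self.seen[key] = (first, now)
        return "accept"


# Constructed sample triplet (documentation address ranges).
TRIPLET = ("192.0.2.10", "alice@example.org", "bob@example.net")


def deliver(servers, attempt_times, triplet=TRIPLET):
    """Replay a sender's attempts (seconds since the first one); attempt i reaches
    servers[i % len(servers)]. Returns the accepted attempt's time, else None."""
    for i, t in enumerate(attempt_times):
        if servers[i % len(servers)].check(*triplet, now=t) == "accept":
            return t
    return None


if __name__ == "__main__":
    h = 3600
    print(deliver([Greylist()], [0, 120, 600, 1800]))               # 600
    print(deliver([Greylist(pending_ttl=h)], [0, 4*h, 8*h, 12*h]))  # None
    print(deliver([Greylist(), Greylist()], [0, 600, 1800]))        # 1800
    shared = Greylist()
    print(deliver([shared, shared], [0, 600, 1800]))                # 600
```

The second call is the "never goes out" case: each 4-hour retry arrives after the 1-hour pending entry has expired, so it is treated as a first attempt again. The third and fourth calls contrast separate caches with one shared cache for the same retry schedule.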
WebGuyz
Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
How about the SFEs cache locally and ALL of them periodically dump their caches to a SQL table and then copy table down back into memory. Most servers wait at least a few minutes before retrying to resend so if you can get all the SFEs to sync at the same time every x minutes it might not be too bad.
Even if there is a performance penalty the benefits of having greylisting amongst several SFEs might outweigh that.
We all understand even you guyz have to work within the laws of physics.
http://www.webguyz.net
mbrusl
Groupie Joined: 05 December 2005 Location: Thunder Bay Ont Status: Offline Points: 61 |
Impressive, I was going to mention something similar to that. My thoughts were to put a flag on it and if the other connected SF machines were hooked up, it could bypass those machines for that message.
Michael
mikek
Senior Member Joined: 22 February 2005 Location: Switzerland Status: Offline Points: 133 |
Speaking for myself, I would be happy with a "single-server configuration only" greylisting feature, since I'm not running multiple servers... :-)
But that's just me, I guess...
ImInAfrica
Groupie Joined: 27 June 2006 Location: FL, USA Status: Offline Points: 60 |
I'll second a stand-alone greylisting!
Have been experimenting with some 'free' greylisting (try hermes-project) only products but they don't handle the load at the moment.
the other problem is that all emails would come to SFI only from the ip address of the greylisting server. so all rbl functionality is lost + plenty more functionality.
we tried it on our secondary mx records as it seems to be getting way more spam than primary.
when it worked (for about 90 minutes at a time), it was great. almost no emails were processed, as they were 99% spam.
on this subject i have another idea/thought:
setup an additional MX record for one of your domains with the highest priority (read MX 99).
Chances that REAL mail servers will use that are minimal. within 10 minutes you should be able to see connections to that mx record. (100% spam from our testing).
If we then setup a smtp engine to listen on the mx records, act really slow (we know spammers like to send mail FAST), and most importantly drop the connection after the 'rcpt to:' command, only after the connection has been made to wait for 5-10 seconds. We know spammers prefer the high priority mx records, and we know they like fast smtp servers, so by acting slow, and dropping the connection, they won't try again = less spam. Any takers on the idea? any comments?
Amir
mikek
Senior Member Joined: 22 February 2005 Location: Switzerland Status: Offline Points: 133 |
ImInAfrica: nice idea, but has some problems:
- if the primary mailserver goes down, the secondary MX will be tried, and if it rejects all mail, customers will not be happy
- acting slowly and waiting means more concurrent connections and could be a performance issue
- spammers don't care how fast your smtp server reacts
- most spams are sent via bot-nets anyway and those are stupid smtp sending engines which probably don't care about speed...
just my 2 cents...
lyndonje
Senior Member Joined: 31 January 2006 Location: United Kingdom Status: Offline Points: 192 |
Hi Guys, long time no speak.
I personally would also like to see a stand alone implementation of the greylisting - as I also only run a single instance of SF, in fact only today have I switched to SFE!
I would be very interested in seeing these results, but it must be a setting you can configure per domain.
And Desperado - don't worry, I'm sure everyone here would happily whitelist your servers