[clug] spamsum usage in the real world

Kim Holburn kim at holburn.net
Wed Nov 15 06:17:00 GMT 2006 

In grey-listing there should be no replies, you reject the  
connection.  You don't bounce or reply, in fact bouncing is something  
not to do if at all possible.  There is too much danger of having  
spammers use you for joe jobbing if you bounce.  But once you get the  
second duplicate email you generally white-list the sender and  
thereafter there is no delay.

You can grey list with a 30 second delay if you want.  It doesn't  
much matter.  Grey-listing shouldn't cause much delay at all.  Of  
course I'm not sure it's much use either.

Using virtual servers on high mx preferences to block is quite a  
useful technique a colleague of mine was experimenting with.


On 2006/Nov/15, at 4:19 PM, Nemo wrote:
> The hypothetical that turned me off greylisting in a business
> environment was the idea of getting an email to info@ (greylist  
> delayed), the reply cmoing
> from some randomfirst.lastname@ address, which then gets replied to
> (greylist delay), and then escalates to manager@ (or another random@
> address) = another greylist delay...
>
> ...and since we're relying on a remote server to resend, the delay is
> potentially unknown every time.
>
> It's true email shouldn't be considered real-time, but most people
> consider it more or less to be, and regular observed delays cause user
> satisfaction issues :(
>
> .../Nemo
>
>
>
>
>
> On Wed, Nov 15, 2006 at 03:15:02PM +1100, Alex Satrapa did utter:
>> On 15 Nov 2006, at 14:34, Nemo wrote:
>>
>>> ... especially many business users who are more likely
>>> to have have many short-lifetime email conversations than personal
>>> users, the delays would be unacceptable.
>>
>> When done properly, greylisting only affects the initial message from
>> a host. After that, the originating host is "whitelisted" and the
>> remainder of the conversation occurs without any artificial delays.
>> You don't need to greylist if the sender is approved by relevant SPF
>> records - the policy manager for your mail server should sort that
>> out ("If approved by SPF, it gets through, otherwise greylist it if
>> we haven't seen it, otherwise resort to RBL/XBL").
>>
>> The only point of greylisting is buying time so that other measures
>> can take effect. Greylisting all new hosts for 15 minutes may be the
>> difference between receiving spam/viruses/whatever, and dropping it
>> due to the RBL being updated in the meantime, for example. That's the
>> theory anyway.
>>
>> Alex
>>
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

--
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/ 
datefmt.htm

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the linux mailing list