I'm considering a greylisting setup for WCNet.org to help slow the influx of spam that we have to run thru the backend spamd scanners. It's pretty bad these days. I've read a fair amount about the topic, but figured I'd ask here for any gotchas or horror stories.
As a point of reference, my implementation will probably be Exim 4.xx and greylistd.
On the hardware side, the main mail server is a dual-processor Sun 280R with 1GB RAM. Exim hands messages off to procmail which calls SpamAssassin via the spamc client. There are currently 4 backend boxes that host spamd processes.
On a slow day, we handle 150,000 messages. On busier days it's closer to 250,000.
I considered just using Spey, since a greylisting SMTP proxy would drop in very easily, but it doesn't seem to be very battle tested yet.
We're staying with Exim, so please don't suggest a non-Exim solution. Thanks for any input on this.
Posted by jzawodn at October 17, 2004 09:18 PM
Why SpamAssassin and not DSpam?
And why exim? (I don't remember why exactly anymore I chose postfix over exim, but I think postfix rocks.)
Postfix has a pretty good greylisting solution. The mailgraph author, DWS, has something up: http://isg.ee.ethz.ch/tools/postgrey/
It was on postfix-users a while back. Not too much interest as I saw, but it's still there.
I'd go for greylisting myself, but I just can't stand the delays between retries. (Bayesian filters catch everything anyway.)
Whoops. Eyes just glazed over that last part. Please nuke this and that too.
Sorry about that. :)
I've had good luck with SA and greylistd on small installs. Another thing to consider is that Exim lets you set conditions on what mail will be eligible for greylisting. I have my domains set up so that only hosts that are on the Spamhaus lists, and don't have reverse DNS, etc. are greylisted.
If you're only using a single MTA, greylistd sounds like a good solution. If you want to support multiple mail servers, I'd recommend using a MySQL solution to avoid unnecessary delays due to multiple unsynchronized greylists.
As an aside, I've also had positive results incorporating the result of sender address verification into the SpamAssassin score using Exim.
http://xn.pinkhamster.net/blog/tech/mail/sender_address_verification.html
BTW, posting comments seems to be broken if you do a preview first. It looks like it's because you added the first name thing.
That greylisting sounds interesting. I have been working on some antispam solutions this week, and I'm thinking that perhaps I should add it into the mix.
Greylisting works great - for me, 95% spam reduction. Set things up in a dry run mode first, and do it when you can keep an eye on things. Watch out for those crazy Yahoo Groups folks who treat temporary failures as permanent.
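
A small model of three points raised in the comments above (greylisting only suspect hosts, unsynchronized greylists across several mail servers, and a dry-run mode), added here as an example and not taken from any commenter, Exim or greylistd. The class and function names, the 600-second delay and the retry schedule are assumptions, and the addresses are constructed sample data.

```python
class Greylist:
    """Triplet greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, store=None, min_delay=600, dry_run=False):
        self.store = {} if store is None else store  # triplet -> first-seen time
        self.min_delay = min_delay  # seconds before a retry is accepted (assumed)
        self.dry_run = dry_run
        self.would_defer = 0  # dry-run counter: deferrals that were only counted

    def check(self, ip, sender, rcpt, now, suspect=True):
        """Return 'accept' or 'defer' for one RCPT attempt at time `now`."""
        if not suspect:  # selective greylisting: non-suspect hosts skip the list
            return "accept"
        first_seen = self.store.setdefault((ip, sender, rcpt), now)
        if now - first_seen >= self.min_delay:
            return "accept"
        if self.dry_run:
            self.would_defer += 1
            return "accept"
        return "defer"


def deliver(mx_hosts, retry_times, triplet):
    """Sender retries at retry_times, rotating through the MX hosts.
    Returns (time of acceptance or None, number of deferrals)."""
    for attempt, now in enumerate(retry_times):
        mx = mx_hosts[attempt % len(mx_hosts)]
        if mx.check(*triplet, now=now) == "accept":
            return now, attempt
    return None, len(retry_times)


# Constructed sample data: documentation IP range and example domains.
TRIPLET = ("192.0.2.10", "alice@example.org", "bob@example.net")
RETRIES = [0, 900, 1800, 2700]  # assumed sender retry schedule, in seconds


def unsynchronized():
    """Two mail servers, each with its own private greylist."""
    return deliver([Greylist(), Greylist()], RETRIES, TRIPLET)


def shared():
    """Two mail servers reading one store (stands in for a shared database)."""
    db = {}
    return deliver([Greylist(db), Greylist(db)], RETRIES, TRIPLET)


if __name__ == "__main__":
    print("separate greylists:", unsynchronized())  # (1800, 2)
    print("shared greylist:   ", shared())          # (900, 1)
```

With separate lists the second server treats the first retry as a brand-new triplet, so the message waits one extra retry interval; with a shared store the first retry is accepted.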