I'm considering a greylisting setup for WCNet.org to help slow the influx of spam that we have to run through the backend spamd scanners. It's pretty bad these days. I've read a fair amount about the topic, but figured I'd ask here for any gotchas or horror stories.

As a point of reference, my implementation will probably be Exim 4.xx and greylistd.

On the hardware side, the main mail server is a dual-processor Sun 280R with 1GB RAM. Exim hands messages off to procmail, which calls SpamAssassin via the spamc client. There are currently 4 backend boxes that host spamd processes.

On a slow day, we handle 150,000 messages. On busier days it's closer to 250,000.

I considered just using Spey, since a greylisting SMTP proxy would drop in very easily, but it doesn't seem to be very battle tested yet.

We're staying with Exim, so please don't suggest a non-Exim solution. Thanks for any input on this.

Posted by jzawodn at October 17, 2004 09:18 PM

Reader Comments
# Al said:

Why SpamAssassin and not DSpam?

And why exim? (I don't remember why exactly anymore I chose postfix over exim, but I think postfix rocks.)

on October 17, 2004 10:18 PM
# david said:

Postfix has a pretty good greylisting solution. The mailgraph author, DWS, has something up: http://isg.ee.ethz.ch/tools/postgrey/

It was on postfix-users a while back. Not too much interest as I saw, but it's still there.

I'd go for greylisting myself, but I just can't stand the delays between retries. (Bayesian filters catch everything anyway.)

on October 17, 2004 11:44 PM
# david said:

Whoops. Eyes just glazed over that last part. Please nuke this and that too.

Sorry about that. :)

on October 17, 2004 11:48 PM
# Clayton O'Neill said:

I've had good luck with SA and greylistd on small installs. Another thing to consider is that Exim lets you set conditions on what mail will be eligible for greylisting. I have my domains set up so that only hosts that are on the Spamhaus lists, and don't have reverse DNS, etc. are greylisted.

on October 18, 2004 07:25 AM
# Christian G. Warden said:

If you're only using a single MTA, greylistd sounds like a good solution. If you want to support multiple mail servers, I'd recommend using a MySQL solution to avoid unnecessary delays due to multiple unsynchronized greylists.

As an aside, I've also had positive results incorporating the result of sender address verification into the SpamAssassin score using Exim.
http://xn.pinkhamster.net/blog/tech/mail/sender_address_verification.html

BTW, posting comments seems to be broken if you do a preview first. It looks like it's because you added the first name thing.

on October 18, 2004 08:44 AM
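
The delay that the comment above attributes to multiple unsynchronized greylists can be seen in a small simulation, added here as an example that is not part of the original comment or of greylistd. The timings, the round-robin retry pattern and the in-memory dict standing in for a shared database are all assumptions.

```python
"""Constructed simulation: greylist state kept per MX host vs. one shared store."""

MIN_DELAY = 300        # seconds a new triplet must wait (assumed value)
RETRY_INTERVAL = 600   # spacing of the sender's retries (assumed value)


class Greylist:
    """Records when each (client IP, envelope sender, recipient) was first seen."""

    def __init__(self, store=None):
        # Handing the same dict to several instances models a shared database.
        self.first_seen = {} if store is None else store

    def check(self, triplet, now):
        # A new triplet is recorded and deferred; a known one passes once
        # MIN_DELAY has elapsed since its first sighting in this store.
        seen = self.first_seen.setdefault(triplet, now)
        return "accept" if now - seen >= MIN_DELAY else "defer"


def delivery_time(mx_hosts, triplet, max_attempts=20):
    """Sender retries every RETRY_INTERVAL, rotating through the MX hosts.

    Returns the second at which the message is first accepted, or None.
    """
    for attempt in range(max_attempts):
        now = attempt * RETRY_INTERVAL
        mx = mx_hosts[attempt % len(mx_hosts)]
        if mx.check(triplet, now) == "accept":
            return now
    return None


def compare(n_hosts):
    """Return (delay with separate lists, delay with one shared list)."""
    triplet = ("192.0.2.10", "alice@example.org", "bob@example.net")  # constructed
    separate = [Greylist() for _ in range(n_hosts)]
    shared_store = {}
    shared = [Greylist(shared_store) for _ in range(n_hosts)]
    return delivery_time(separate, triplet), delivery_time(shared, triplet)


if __name__ == "__main__":
    for n in (1, 2, 4):
        sep, shr = compare(n)
        print(f"{n} MX host(s): separate lists {sep}s, shared list {shr}s")
```

Under these assumptions each additional unsynchronized host adds one more retry interval before first delivery, while a shared store keeps the delay at a single retry regardless of host count.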
# sproket90 said:

Try ASSP

http://assp.sourceforge.net/

Very easy to set up and configure...

on October 19, 2004 05:19 AM
# Scott Johnson said:

That greylisting sounds interesting. I have been working on some antispam solutions this week, and I'm thinking that perhaps I should add it into the mix.

on October 22, 2004 09:41 AM
# Jason Fesler said:

Greylisting works great - for me, 95% spam reduction. Set things up in a dry run mode first, and do it when you can keep an eye on things. Watch out for those crazy Yahoo Groups folks who treat temporary failures as permanent.

on October 23, 2004 10:11 PM