Santiago Vila <[EMAIL PROTECTED]> writes: > Now that we have released sarge, I would like to ask debian-admin > and the Project Leader to consider seriously doing something to > reduce the level of spam we have to receive, store, and filter in > our @debian.org addresses. > > For example, we could use greylisting.
Greylisting scales well. Combined with a liberal set of whitelisted clients, you also reduce complaints about greylisting. I've got experience with use of greylisting for a mail platform with over 1M accounts. Enabling greylisting for this platform reduced delivered spam with 80-90%. This is simply because most of the infected machines does not attempt a second delivery of a mail connection terminated with a 4xx (temporary) error message. For the MX for lists.debian.org, murphy.debian.org, which runs postfix, the "postgrey" daemon seems to run well, althoug I have not used this for large installations yet. master.debian.org runs exim, which also have greylisting > Or we could reject messages that are known to come directly from > trojanized windows machines acting as open proxies. Or even better, > we could do both things. sbl+xbl seems to have a list with a short timeout, for servers sending out spam, in addition to the ROKSO list. However, I would rather use this list inside SpamAssassin, instead of using just the list to deny SMTP connections. Also, any technical means used to reduce spam will be temporary, since spammers continuously adapt to changes in the environment they abuse to earn money. -- Stig Sandbeck Mathisen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
