Noel Jones put forth on 12/6/2010 11:10 AM: > If you decide that greylisting is right for you, postgrey is a popular > choice -- it's flexible and reliable. ... > See google for benefits and risks of using greylisting if you're not > familiar with it.
Interestingly, just a few days ago I decommissioned Postgrey on my MX along with some other A/S countermeasures. I did this after analyzing logs for some time. I ran Postgrey for about a year. It was stopping some spam at the beginning, although very little, but none for the last few months, and was simply slowing down some legit mail. This is not a reflection on Postgrey performance or reliability, but simply that my other A/S countermeasures are killing everything that can be killed before Postgrey gets a crack at it. The spam that currently gets through my countermeasures basically falls into the following categories: 1. Gorilla/freemail hacked accounts, usually phish but varies 2. Phish from other compromised webmail accounts, Exchange servers, etc 3. Snowshoe from ranges I don't already have in my CIDR block tables Greylisting's sole function is to stop bot spam, as any real MTA will retry. If your current countermeasures do a reasonable job of stopping bot connections I wouldn't add Postgrey. If you're using Postfix 2.8 with Postcreen I'd guess greylisting is unnecessary. I've not tested Postscreen myself yet, but from what what I gather from posts here it's pretty effective. Postscreen will stop the bots without delaying legit mail. Thus, my recommendation would be to move to Postfix 2.8/Postscreen and avoid Postgrey. If you're unable to move to 2.8 at this time, and your other A/S countermeasures aren't stopping most of the bot spam, then I suggest trying the following before you install Postgrey: http://www.hardwarefreak.com/fqrdns.pcre Instructions are in the top of the file. Give it a shot before Postgrey. It stops most bot spam, doesn't delay legit mail as greylisting does, and doesn't use a database. It's fast and efficient. -- Stan
