Graylisting does work.  We have been using SQLGrey
(http://sqlgrey.sourceforge.net/) for three years now.  The minute I turned
it on, spam to my junk email folder (what SA used to catch) dropped by 90%.
SQLGrey sits at the MTA level, so it hits the sender when they connect and
before they actually submit email.  

Obviously, it does allow them through if they come back, but most botnet
senders do not retry messages or never have the chance.

I think after I turned it on, the botnet plug-in got bored.  My stats for it
dropped significantly.  So that’s my proof it does adversely affect botnets.
I wish I still had the stats graphs for when I turned it on.  However, you
can see its effect on my graph here: http://brain.chcfl.com/postfix/ (noted
as rejections).  I also have Active Directory set up with the MTA, so no
messages ever hit the server that do not belong nor NDRs generated.  If they
try a dictionary attack, they will be on tarpit duty for a long time.

To see the relief on someone's face after they realize they only have 10 junk
emails to glance at rather than 100, you see the value of graylisting.  I
have put my setup in a few other locations and they also report back to me
that their users are now getting work done rather than parsing emails.  

Ya know, this got me thinking.  Wonder if I could create a VM with all the
settings and a script to customize the setup.  Then organizations could just
deploy the VM.  Sort of an all in one deployment.  Just update the VM
template every now and then.  Ahh but the learning db might be an issue....
oh well just a thought.

-Brent

-----Original Message-----
From: Jonas Eckerman [mailto:jonas_li...@frukt.org] 
Sent: Monday, March 29, 2010 6:41 PM
To: John Hardin
Subject: Re: ATTN DEVELOPERS: Mega-Spam

On 2010-03-30 00:12, John Hardin wrote:

> While greylisting will help, it won't spank the offender in that manner.
> It will postpone the message very early in the SMTP exchange, not after
> the body has been received.

Unless the greylisting is done *after* receiving the body. Of course, 
this will spank innocent senders as well.

(My selective greylisting implementation for MIMEDefang does this, 
originally because some stupid MTAs didn't handle tempfails correctly at 
earlier stages... The "selective" stuff keeping delays and spanking of 
innocents down.)

BTW: While I like greylisting because it stops a lot of spam, I've never 
seen any data substantiating claims that it has a measurable negative 
impact on botnets. So I'm not convinced it really does a lot of spanking 
of offenders...

Regards
/Jonas
-- 
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/
