Gordon Henderson wrote:
>
> I suspect that if a spammer gets through the NoListing, it'll get
> through the GreyListing too, but in any case, GreyListing (& SA) require
> CPU & disk resources while NoListing doesn't.

Bypassing greylisting requires spammers to maintain state (or retry routinely), both of which present a significant cost over and above something like trying the next MX, which doesn't require significant state to be maintained but can be done in a loop.

So whilst I'm sure all the spam from genuine email servers will pass both greylisting and nolisting, spambots could more easily pass NoListing if the spammer can be bothered.

That said, you can use both. I've been wary of NoListing simply because of the appalling quality of some email servers (and admins), but I doubt it causes many more issues than greylisting, and probably from the same few servers that can't adhere to an RFC.

> It's going to be a bit of a disaster when the spammers cotton onto
> NoListing and Greylisting, but GL has held out for a few years now..
> Let's hope it holds up for a few more...

My stats show that greylisting is no longer the single most effective preventative we use. The Spamhaus ZEN list exceeds it in terms of volume stopped; this is due to a big decline in GL effectiveness (it has dropped from stopping 97+% of spam as a single measure to well under 90%) as well as improvements to the Spamhaus block list (the inclusion of the PBL being a key change).

I found the "ix.dnsbl.manitu.net" block list provided good skill. It is an automatic block list based on current spam sources, and thus picks up on individual spam runs from mail servers which have had accounts compromised and the like. This works well with greylisting - come back in 10 minutes when the block list has had a chance to add your IP address. Although it became a political issue at work when it blocked email from Demon. Clearly the list authors have a relatively small whitelist of hosts not to block, and Demon's servers were spewing spam at the time.

I'm also using policyd-weight on servers where spam is a bigger issue than the odd false positive.

The main delivered spam issue I see is spam from big email providers (Gmail and Yahoo). Also see a fair bit from forwarded accounts, as all my spam prevention is via IP based trust, or hosts not behaving like proper email servers, and I clearly do better than those groups forwarding me email (although the FSF have sorted out most of their spam issues these days).

Of course Icedove's Bayesian filter eats most of the spam that gets through, but recently seems to be missing lots of 419 scams.

I think the bigger issue than spammers bypassing greylisting, or nolisting, is credential theft. Hence the issue with emails from Yahoo and Google.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
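
The interplay described in the message above (greylisting makes a sender keep state and retry, and the delay gives an automatic block list time to list the source), as an added example that is not part of the original post. The addresses, the timings and the in-memory `listed_at` table standing in for live DNSBL lookups are constructed assumptions.

```python
import ipaddress

GREYLIST_DELAY = 600  # seconds; the "come back in 10 minutes" window

def dnsbl_query_name(ip, zone):
    """Name a real lookup would resolve: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class Policy:
    def __init__(self, listed_at):
        # listed_at: constructed stand-in for DNSBL state, ip -> time listed
        self.listed_at = listed_at
        self.first_seen = {}  # (ip, sender, rcpt) -> time of first attempt

    def is_listed(self, ip, now):
        t = self.listed_at.get(ip)
        return t is not None and t <= now

    def check(self, ip, sender, rcpt, now):
        """Return an SMTP-style verdict for one RCPT TO attempt."""
        if self.is_listed(ip, now):
            return "554 rejected: listed"
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < GREYLIST_DELAY:
            return "451 deferred: greylisted"
        return "250 accepted"

def simulate():
    # Constructed scenario: 192.0.2.20 starts a spam run at t=0 and the
    # block list picks it up at t=300, before the greylist window closes.
    p = Policy(listed_at={"192.0.2.20": 300})
    rcpt, out = "u@example.org", {}
    # Fire-and-forget bot: one attempt, keeps no state, never retries.
    out["bot"] = [p.check("192.0.2.10", "a@bot.example", rcpt, 0)]
    # Well-behaved MTA: queues the message and retries after 15 minutes.
    out["mta"] = [p.check("192.0.2.30", "b@ok.example", rcpt, t) for t in (0, 900)]
    # Compromised server: retries correctly, but is listed by then.
    out["compromised"] = [p.check("192.0.2.20", "c@victim.example", rcpt, t) for t in (0, 660)]
    return out

if __name__ == "__main__":
    for who, verdicts in simulate().items():
        print(who, verdicts)
```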