Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Feature Request: Greylisting
  FAQ FAQ  Forum Search   Register Register  Login Login

Feature Request: Greylisting

 Post Reply Post Reply
Author
mikek View Drop Down
Senior Member
Senior Member
Avatar

Joined: 22 February 2005
Location: Switzerland
Status: Offline
Points: 133
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikek Quote  Post ReplyReply Direct Link To This Post Topic: Feature Request: Greylisting
    Posted: 03 July 2007 at 4:41am
Could we pick up on the greylisting topic once more?

We've just purchased a Merak Mailserver License which has Greylisting built-in. We've been testing it with a few of our domains and I must say that greylisting works very well and takes such a load off the server, that I really would like to see it implemented in Spamfilter as well.

About 90% of todays spam is caught by the greylist alone, meaning the server will never have to go beyond the RCPT TO: command, saving bandwidth and resources, since all the other filters do not have to be processed.

Think about it, a greylisting implementation is not complicated...

Cheers,

Mike
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 03 July 2007 at 12:41pm
What about customers that expect instant delivery of messages?  Some people use email almost like IM.
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
mikek View Drop Down
Senior Member
Senior Member
Avatar

Joined: 22 February 2005
Location: Switzerland
Status: Offline
Points: 133
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikek Quote  Post ReplyReply Direct Link To This Post Posted: 03 July 2007 at 2:07pm
1. the filter would have to be configurable per domain, just like the other filters
2. an ip bypass for well known or misbehaving mailservers could as well be easily implemented
3. greylisting only introduces a delay on the first communication between a distinct sender and recipient. After that, there is no more delay for a configured amount of time.

Again, I really like the idea behind greylisting. The implementation as easy, there is (practically) nothing to configure and it saves quite some bandwidth and cpu resources...


Edited by mikek
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 03 July 2007 at 5:29pm
I really do understand your reasons and request but our experience with outside services that graylist is that it causes an undue burden on our outbound server queue.  Also, our outbound server only retries every 4 hours and some graylist supported servers seem to think that the message is new after 4 hours and re-graylists it so that it never goes out and we get many support calls that messages that our customers sent, never arrived.  (Talk about a run on sentence!).  I actually get rather irritated at servers that graylist us for the above mentioned reasons.
 
Having said that, it might be worth trying but I think it would be hard to quantify the benefits.  Perhaps a user configured delay to the initial SMTP connection would be a compromise as I do see that "Spam Blast" servers appear to be less patient waiting for the initial 220 response than most mail servers.
 
Just my 3.5 cents
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 04 July 2007 at 12:14am

Dan,

 I find most large ISP's implementing greylisting (like Yahoo and AOL) and have set my outbound server retry to 2,10,30,60 & 90 minutes. I was getting complaints about Yahoo mail taking forever to be delivered. I'm surprised you rusers haven't complained.

I think the SFE version of Greylisting should include checking the autowhitelistforceddelivery file as well as doing its triplet check.

My 5.0 cents ;-)

http://www.webguyz.net
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 04 July 2007 at 9:18am
We are including the greylisting filter in SpamFilter, most likely it will be disabled by default so as to not cause problems to admins who do not wish to use it.

While we can't promise this yet, we will be of course be trying to make it configurable per domain. We also don't think the full implementation of greylisting, as described in its documentation, is an optimal solution, so we'll be making some changes ourselves to improve it, as Despearado already hinted about some of the problems this may cause.

The new wave of PDF spam took precedence, and developing a new filter for this has slowed greylisting implementation a bit. We hope we'll have a beta within a few weeks.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
mikek View Drop Down
Senior Member
Senior Member
Avatar

Joined: 22 February 2005
Location: Switzerland
Status: Offline
Points: 133
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikek Quote  Post ReplyReply Direct Link To This Post Posted: 04 July 2007 at 9:20am
Well that's great news! Looking forward to the beta already! :-)

Cheers,

Mike


Edited by mikek
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 04 July 2007 at 10:26am
Originally posted by WebGuyz WebGuyz wrote:

have set my outbound server retry to 2,10,30,60 & 90 minutes.

My normal queue is around 5-10K messages so a 2 minute or even a 30 minute retry is not an option.  We have it set a 2 hours which is the optimal for our outbound mail.

Originally posted by WebGuyz WebGuyz wrote:

I'm surprised you rusers haven't complained.

They have, in fact, complained but when we queue up 5000 messages to yahoo due to the graylisting ... and then we do a flush and they get blocked for "too many connections" error from yahoo, this is a problem.

I thought gray listing was a good idea until we started becoming victims of the above situation.  Good idea ... crappy implementation.



Edited by Desperado
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
mikek View Drop Down
Senior Member
Senior Member
Avatar

Joined: 22 February 2005
Location: Switzerland
Status: Offline
Points: 133
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikek Quote  Post ReplyReply Direct Link To This Post Posted: 26 October 2007 at 9:23am
Any news from the greylisting filter feature front? :-)


Edited by mikek - 26 October 2007 at 9:53am
Mike Kellenberger
Work: http://www.escapenet.ch
Private: http://www.kellyburger.com
Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 26 October 2007 at 10:14am
Roberto said they were working on it but ran into problems with syncing triplet info between multiple SFE servers. Would be good to get an update....
http://www.webguyz.net
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 26 October 2007 at 11:09am
"Unfortunately" we were having good results with a single SpamFilter, but to maximize performance, all the caching needs to be done in memory. This became a problem with multiple instances of SpamFilter however, as it was impossible to share the memory cache fast enough among multiple servers.

Having separate greylisting caches for multiple servers could cause an IP to be "allowed" on one server, but be "greylisted" on another. This could in turn cause a remote server to fail the delivery due to  too many retries, if the retries keep going to  different servers.

Our only option would be to implement greylisting, but only for single-server configurations, but are afraid this would cause too many complaints from customers who deployed multiple SpamFilters.

...opinions are welcome!
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 26 October 2007 at 11:31am
How about the SFE's cache locally and ALL of them periodically dump their caches to a SQL table and then copy table down back into memory. Most servers wait at least a few minutes before retrying to resend so if you can get all the SFE's to sync at the same time every x minutes it might not be too bad.
 
Even if there is a performance penalty the benefits of having greylisting amongst several SFE's might outweight that.
 
We all understand even you guyz have to work within the laws of physics.LOL
http://www.webguyz.net
Back to Top
mbrusl View Drop Down
Groupie
Groupie
Avatar

Joined: 05 December 2005
Location: Thunder Bay Ont
Status: Offline
Points: 61
Post Options Post Options   Thanks (0) Thanks(0)   Quote mbrusl Quote  Post ReplyReply Direct Link To This Post Posted: 26 October 2007 at 11:38am
Impressive, I was going to mention something similar to that.  My thoughts were to put a flag on it and if the other connected SF machines were hooked up, it could bypass those machines for that message.

Michael

Back to Top
mikek View Drop Down
Senior Member
Senior Member
Avatar

Joined: 22 February 2005
Location: Switzerland
Status: Offline
Points: 133
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikek Quote  Post ReplyReply Direct Link To This Post Posted: 29 October 2007 at 3:09am
Speaking for myself, I would be happy with a "single-server configuration only" greylisting feature, since I'm not running multiple servers... :-)

But that's just me, I guess...
Mike Kellenberger
Work: http://www.escapenet.ch
Private: http://www.kellyburger.com
Back to Top
ImInAfrica View Drop Down
Groupie
Groupie
Avatar

Joined: 27 June 2006
Location: FL, USA
Status: Offline
Points: 60
Post Options Post Options   Thanks (0) Thanks(0)   Quote ImInAfrica Quote  Post ReplyReply Direct Link To This Post Posted: 20 November 2007 at 4:33pm
I'll second a stand-alone greylisting!
Have been experimenting with some 'free' greylisitng (try hermes-project) only products but they don't handle the load at the moment.
the other problem is that all emails would come to SFI only from the ip address of the greylisting server. so all rbl functionality is lost + plenty more functionality.
we tried it on our secondary mx records as it seems to be getting way more spam then primary.
 
when it worked (for about 90 minutes at a time), it was great. almost no emails were processed, as they were 99% spam.
 
on this subject i have another idea/thought:
setup an additional MX record for one of your domains with the highest priority (read MX 99).
Chances that REAL mail servers will use that are minimal. within 10 minutes you should be able to see connections to that mx record. (100% spam from our testing).
If we then setup a smtp engine to listen on the mx records, act really slow (we know spammers like to send mail FAST), and most importantly drop the connection after the 'rcpt to:' command, only after the connection has been made to wait for 5-10 seconds. We know spammer prefer the high priority mx records, and we know they like fast smtp servers, so by acting slow, and dropping the connection, they won't try again = less spam. Any takers on the idea? any comments?
 
Amir
Back to Top
mikek View Drop Down
Senior Member
Senior Member
Avatar

Joined: 22 February 2005
Location: Switzerland
Status: Offline
Points: 133
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikek Quote  Post ReplyReply Direct Link To This Post Posted: 21 November 2007 at 2:31am
ImInAfrica: nice idea, but has some problems:
- if the primary mailserver goes down, the secondary MX will be tried, and if it rejects all mail, customers will not be happy
- acting slowly and waiting means more concurrent connections and could be a performance issue
- spammers don't care how fast your smtp server reacts - most spams are sent via bot-nets anyway and those are stupid smtp sending engines which probably don't care about speed...

just my 2 cents...
Mike Kellenberger
Work: http://www.escapenet.ch
Private: http://www.kellyburger.com
Back to Top
lyndonje View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 January 2006
Location: United Kingdom
Status: Offline
Points: 192
Post Options Post Options   Thanks (0) Thanks(0)   Quote lyndonje Quote  Post ReplyReply Direct Link To This Post Posted: 04 December 2007 at 4:06pm
Hi Guys, long time no speak.
 
I personally would also like to see a stand alone implementation of the greylisting - as I also only run a single instance of SF, infact only today have I switched to SFE!
 
I would be very interested in seeing these results, but it must be a settings you can configure per domain.
 
And desperando - don't worry, I'm sure everyone here would happily whitelist your servers Wink
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.