[tclug-list] Behind the scenes changes to MX for mn-linux.org

Tue Nov 21 18:48:01 CST 2006

Quoting Chris Mulcahy <tclug at cmulcahy.com>:

> slushpupie at gmail.com wrote:
>> On 11/21/06, Clay Fandre <clay at fandre.com> wrote:
>>
>>> How about everyone else? Anything new out there we should take a look at?
>>>
>> up with 50% keywords to throw the stats off.  It more or less made my
>> training useless.  I started using greylisting (postgrey) and it cut
>> my spam down by at least 80%.  Once I get bogofilter re-trained I
>> think I'll have a good setup again for a while.
>>
>> Info on greylisting: http://greylisting.org
> The big problem with grey listing is the bounces.  When an innocent
> person's domain name is forged as the return address, grey listing,
> along with message bouncing, floods some innocent person's mailbox.
>
> I have a huge procmail script dedicated to wiping out the grey listing
> "please verify you are a human" messages as well as the bounce
> messages.  You will never get a mail from me because the forged mail
> addresses caused me to /dev/null all grey listing and bounce messages.
>
> Grey listing is fine for you.  It is a MAJOR problem for those innocents
> whose domain name has been forged.  I spent way too much time filtering
> and blocking those messages.
>
> Not a fan of it myself but I get over 30,000 spam messages per day.  I
> am continuously evaluating spam filtering.
>
> <sigh>
> Chris
>

Either you misunderstand what greylisting is, or I was doing something 
revolutionary, probably not the revolutionary part.

When I was greylisting it worked by giving a 4XX "try back later" 
message to any from address, domain and IP Address combination which 
was not listed in the database. This would result in any standard mail 
server queueing the mail for delivery later, at which point the 
greylisting server would allow the mail delivery. Many/most spam 
operations won't bother queuing mail for later delivery, and you will 
never see a particular from address, domain, and IP Address combination 
from them again becuase they forge the from address.

The biggest issue in this scenario for a very high volume operation 
with a lot of unique senders is scaling the database. For medium volume 
operations it can be quite effective.

Josh