
Killing That Spam With Postgrey And Postfix (HowtoForge)

HowtoForge shows how to set up a greylist spam hurdle. "Greylisting in short means that when someone wants to deliver a mail to your mailserver it will simply reply "Please come back later". That is something all RFC compliant mailservers do and when they do come back the mail is accepted. Most spammers and spam software are not compliant and not patient enough to try again. You will be surprised to see how effective this is. Anyway, follow the links below to really learn about it. There are as always pros and cons so do your homework before you put it on a production server."

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 17:31 UTC (Mon) by freemars (subscriber, #4235) [Link]

If you want to use postgrey with virtual domains (particularly under Ubuntu) there's a howto I found useful at http://www.howtoforge.com/greylisting_postfix_postgrey

My experience is that Postgrey helps, but doesn't eliminate spam. The next step, IMHO, might be software that detects emails to fake, 'bait' addresses and auto-adds that IP address to a local blacklist. Postgrey would help in this by delaying spam a few minutes -- maybe long enough so that spambot will send an email to one of your 'bait' addresses.

The most effective way to generate spam to a 'bait' address is to submit it to the 'remove me' mechanism in any spam you get.

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 18:03 UTC (Mon) by mattdm (subscriber, #18) [Link]

Yeah; I had a similarly disappointing experience. It decreased the total volume of incoming spam somewhat, but had no measurable effect on that which was getting through SpamAssassin. Since I have plenty of CPU power for running SA, the annoyances of greylisting weren't worth the considerable drawbacks.

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 18:53 UTC (Mon) by copsewood (subscriber, #199) [Link]

As with many other techniques which discriminate against spam based on what spam sending software does now, the problem is that such countermeasures can be expected to have a limited effective lifetime. In the medium term effective countermeasures are likely to be based on the fact that most spammers can't avoid spamming indiscriminately, e.g. by setting up spamtrap addresses and using input to these to populate spam-origin blacklists. In the longer term when the indiscriminate spammers are all out of business, controlling spammers who infiltrate existing social networks (e.g. using zombies, normal email sending software on zombies and addresses found on zombie address books) will require more secure user machines generally, combined with a reputation system which makes people accountable for actions including allowing a machine to become owned by a spammer.

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 19:19 UTC (Mon) by zappy (guest, #38793) [Link]

Greylisting has in my experience lessened the spam by somewhere around 95-99% compared to no greylisting. This is where NO other antispam features are used except blacklisting in combination with greylisting.
Since it's not based on content snooping, it's basically impervious to new techniques except just to resend over and over again, which is very costly if you are trying to send out 10 million+ emails. Only way to spam properly then is to go back to spamming through proper email servers and only use verified addresses, which will lessen the total amount of spam as most of those have an account limit for sending mails per hour/day/week etc.
We will never be totally free of spam, but bulk spamming is a dying business in email with greylisting. Today web/blog/chat spammers are the big annoyance.

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 5, 2006 15:19 UTC (Wed) by vonbrand (subscriber, #4458) [Link]

Bulk spammers are today repeating their junk a few times after a short interval, presumably to overcome greylisting.

When we installed greylisting, spam volume went way down, by now it is almost back to normal...

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 19:12 UTC (Mon) by farnz (guest, #17727) [Link]

Pierre Habouzit describes an interesting way of combining greylisting and RBLs, such that only mail that would have been blacklisted by an RBL is greylisted; mail that wouldn't have been blacklisted is passed through immediately.

It seems to me that this is an ideal way to ameliorate the worst effects of aggressive RBLs (like SPEWS level 2). Because the IPs are now greylisted, not blacklisted, the high false positive rate is no longer a problem, while the whitelisting of unlisted space still provides an incentive to clean up (albeit a lesser incentive).

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 21:35 UTC (Mon) by nas (subscriber, #17) [Link]

I proposed something like greylisting years ago (before the term "greylisting" was coined). My idea was to use a classifier (e.g. SpamAssassin or Spambayes) to determine if a message looks like spam. If so, then delay the message and force the sender to retry. It's less disruptive than what systems like Postgrey do. Also, you can increase the delay period, forcing spammers to work harder and improving the effectiveness of the filter.

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 21:56 UTC (Mon) by farnz (guest, #17727) [Link]

The distinction between Pierre's suggestion and yours is that Pierre suggests using a cheap test (RBLs) to determine whether to greylist or not; you're suggesting greylisting on the basis of a CPU intensive test.

Practically, the sort of systems that implement greylisting for RBL listings only (which is not a standard setup) probably already do things like issue "550 Administratively prohibited" to spam senders, rejecting the spam back to the sender (which does nothing about zombies, but indicates to a human that a false positive has happened, as their mailserver returns the bounce).

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 3, 2006 22:19 UTC (Mon) by jeroen (subscriber, #12372) [Link]

This is already possible with sa-exim and that's how I've configured all my mail servers. If the SA score is less than 0, the mail gets through immediately. Between 0 and 7 it gets greylisted and above 7 it gets rejected. This works very nicely and is a lot better than the standard greylisting IMHO.
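
An added example, not part of the comment above and not code from Postgrey or sa-exim: a small Python model of the retry test described in the article, with the optional score gate (below 0 pass, 0 to 7 greylist, above 7 reject) from this sub-thread. Keying on the (client IP, sender, recipient) triplet, the 300-second delay and the two-day retry window are assumptions; the addresses and scores in `demo()` are constructed.

```python
import time

ACCEPT, DEFER, REJECT = "accept", "defer", "reject"


class Greylist:
    """Toy greylisting policy keyed on (client IP, sender, recipient)."""

    def __init__(self, min_delay=300, retry_window=2 * 86400,
                 pass_below=0.0, reject_above=7.0):
        self.min_delay = min_delay        # assumed: seconds a new triplet must wait
        self.retry_window = retry_window  # assumed: how long a pending entry is kept
        self.pass_below = pass_below      # score thresholds quoted in the comment
        self.reject_above = reject_above
        self.pending = {}                 # triplet -> time of first attempt
        self.passed = set()               # triplets that survived the retry test

    def decide(self, client_ip, sender, recipient, score=None, now=None):
        """score=None is plain greylisting; a number gates it on a classifier."""
        now = time.time() if now is None else now
        if score is not None:
            if score < self.pass_below:
                return ACCEPT             # looks clean: no delay at all
            if score > self.reject_above:
                return REJECT             # looks like spam: permanent failure
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self.passed:
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # first sighting or stale entry: start the clock
            return DEFER
        if now - first < self.min_delay:
            return DEFER                  # quick re-send; the clock is not reset
        del self.pending[key]
        self.passed.add(key)
        return ACCEPT


def demo():
    """Replay constructed attempts: (time, client, sender, recipient, score)."""
    g = Greylist()
    attempts = [
        (0,   "192.0.2.10", "news@example.org", "bob@example.net", None),
        (30,  "192.0.2.10", "news@example.org", "bob@example.net", None),
        (900, "192.0.2.10", "news@example.org", "bob@example.net", None),
        (5,   "198.51.100.7", "x@example.com", "bob@example.net", 9.2),
        (6,   "198.51.100.8", "amy@example.com", "bob@example.net", -1.5),
        (7,   "198.51.100.9", "joe@example.com", "bob@example.net", 3.0),
    ]
    return [g.decide(ip, s, r, score=sc, now=t) for t, ip, s, r, sc in attempts]
```

The second attempt at 30 seconds shows why the minimum delay matters against senders that simply repeat a message after a short interval: it stays deferred, and only the retry after the delay has elapsed is accepted.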

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 4, 2006 0:21 UTC (Tue) by jlma (guest, #38795) [Link]

It seems to me that an important part of fighting spam is to not even accept the spam message, thus saving also bandwidth, besides cpu time as was noted in another post. Also, "failed" addresses (all to which spam could not be delivered, including those using greylisting) may be deleted from spammer's list (I would delete them if I was a spammer, to save time).

Therefore, it seems best not to accept e-mail until the sender has proven itself by the "please come back later" test, instead of using content based spam tests, like spamassassin etc.

I'm using SqlGrey

Posted Jul 3, 2006 20:20 UTC (Mon) by hisdad (subscriber, #5375) [Link]

When I first used it, it was so incredibly effective I thought at first I had busted the email system. My morning email load of 50 spam went to zero.

However I use the more flexible, database driven, 'sqlgrey' program.

It's not a complete solution, it's a component of a layered defense.
The best thing about it is that it 'just works' and needs no maintenance.

--dad

Killing That Spam With Postgrey And Postfix (HowtoForge)

Posted Jul 4, 2006 11:38 UTC (Tue) by evgeny (guest, #774) [Link]

Is there a way to use it with multi-MX (automatic history/whitelist sync etc)? Milter-greylist for sendmail (http://hcpnet.free.fr/milter-greylist/) can do it correctly.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.