bill at aggienerds.org
Mon Apr 9 11:56:28 EDT 2007
On Mon, Apr 09, 2007 at 11:40:51AM -0400, Ethan Blanton wrote:
> You cannot control the length of the delay imposed by the graylisting,
> all you can do is define a *minimum*. The actual delay is controlled
> by the remote server, and is the amount of time it takes to decide to
> retry. As you are essentially telling the remote server "I am
> overloaded, please try again later", any *good* mail server is going
> to wait some nontrivial period of time before trying again, preferably
> with some sort of exponential backoff. Five minutes (300 seconds) is
> not an unusual *initial* retry period.

I've found that setting a delay of 60 seconds with greylisting tends to
work pretty effectively, but it still does tend to get delayed about an
hour typically. (Most spambots seem to keep retrying every second rather
than queue it and try again in a minute or ten like most MTAs.)
Granted, that's still outside the acceptable timeframe for a lot of

> > I've been running spamprobe on my mail here, with a cron job teaching it
> > on the spam it misses (all of it) since we set up pidgin.im.
> > I now have over 1000 pieces of spam it has missed, some of which
> > spamassassin has caught. All of these reached us via SF, and so
> > bypassed the greylisting. On schierer.org, I have gotten spamprobe to
> > catch some, but far from all of my spam and only with the combination of
> > spamprobe and spamassassin *both* scanning my mail (spamassassin filtering
> > after spamprobe and filtering into the directory spamprobe learns from),
> > am I catching a decent percentage of my spam.
> Interesting, since you seem to be retraining spamprobe on the spams it
> misses. I use spamprobe on several accounts which receive hundreds of
> spams per day (one of them, I think about 500), and I leak no more
> than a handful a week.

I've found that checking simple things like whether or not the host
sending e-mail is resolvable or if it's in the zen.spamhaus.org RBL
catches about 99% of the spam. The remainder can usually be caught by
greylisting if you want to pay the price for it in time, but that's
obviously not an acceptable tradeoff for everyone.

Since I've started checking those things, I haven't had to rely on
Bayesian analysis of my spam to keep my inbox acceptably clean and I was
getting a few hundred a day before that.
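
The two connection-time checks described in the message above, sketched as an added example that is not part of the original post or of any poster's configuration. It assumes "resolvable" means the client IP has a reverse DNS (PTR) name; the function names and the constructed resolver answers in the demo are hypothetical. Answers in 127.255.255.0/24 are treated as DNSBL query errors rather than listings.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
LISTED = ipaddress.ip_network("127.0.0.0/24")      # listing return codes
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # query-error return codes

def dnsbl_name(ip, zone=ZONE):
    """Query name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = addr.exploded.replace(":", "")[::-1]  # join() splits per char
    return ".".join(labels) + "." + zone

def system_a(name):
    """A records for name via the system resolver, [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def system_ptr(ip):
    """Reverse DNS name for ip via the system resolver, None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_client(ip, lookup_a=system_a, lookup_ptr=system_ptr):
    """Return (verdict, reason) for a connecting client IP."""
    answers = [ipaddress.ip_address(a) for a in lookup_a(dnsbl_name(ip))]
    if any(a in LISTED for a in answers):
        return "reject", "listed in " + ZONE
    dnsbl_failed = any(a in ERRORS for a in answers)  # an error is not a listing
    if lookup_ptr(ip) is None:
        return "reject", "client address has no reverse DNS name"
    if dnsbl_failed:
        return "accept", "DNSBL query failed, passed reverse DNS only"
    return "accept", "passed both checks"

if __name__ == "__main__":
    # Constructed resolver answers so the demo runs offline.
    a = {"99.2.0.192.zen.spamhaus.org": ["127.0.0.4"]}
    ptr = {"198.51.100.7": "mail.example.org"}
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, check_client(ip, lambda n: a.get(n, []), ptr.get))
```
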