Fighting spam via greylisting

Jeremy Huntwork jhuntwork at linuxfromscratch.org
Sat Apr 7 18:40:12 PDT 2007


Greetings All,

Inspired by an email from Richard Downing, I decided to look into using
greylisting to help fight spam. If you haven't heard of it before see:
http://www.greylisting.org

The basic idea is that whenever a new MTA (one that is not in the
greylisting database) attempts to deliver mail, the mail is
automatically rejected. If the MTA is a valid MTA, it will retry to
deliver the mail after a few minutes. At this point the greylisting
server recognizes the MTA from a previous attempt and assumes that it is
valid mail. The address of the sending MTA is added to the database and
future messages from that server are automatically allowed (at least for
a while).

I tried a Postfix implementation called Postgrey on my own personal
server and the results were very good. (See
http://postgrey.schweikert.ch/). Based on those results it was decided
to implement this service on Quantum.

Quantum already had SpamAssassin installed and it uses some nice Postfix
reject rules to keep a good deal of spam at bay. Combine that with the
fact that the mailing lists require a valid subscription to post and the
result is that most spam never reaches the end users. Even so, a good
deal of spam gets past SpamAssassin and Postfix and hits Mailman. And
therein lies the problem we wish to avoid. Even though mailman rejects
the message, the processing time mailman spends is expensive. Our hope
is to eliminate a good deal of spam before it even 'enters' the system,
so to speak.

Be advised that your first post to a mailing list might be delayed by a
few minutes. If it takes a considerably long time, or if you receive an
undeliverable message from your MTA, please let us know at server-admin
AT linuxfromscratch DOT org so that we can adjust our whitelisting
files.

If you have a linuxfromscratch.org mail account and you would rather
not have greylisting applied to your personal mail at all, please send a
message to server-admin and we can add your account to the whitelisting
rules as well.

--
JH



More information about the alfs-discuss mailing list