
Using Email Greylisting to Reduce SPAM

One of the most common problems faced by anyone hosting a mail server in today’s internet world is SPAM, whether it comes from the outside world to your clients or originates from your clients themselves. Every server administrator will need to deal with this at some point. This article clarifies what “Greylisting” means, what it will do, what it won’t do, and hopefully gives you enough information to decide whether or not it’s a good idea for your environment.

In short, Greylisting does two main things. The first is to temporarily reject the first email received from a non-whitelisted sender; the second is to keep a list of possible spam servers, used to choose whether or not to reject the first email.

This does sound a little weird at first, but the methodology behind rejecting the first email comes from a basic principle. SPAM servers generally send a lot of mail OUT, and the faster the better (in most cases), as administrators try to shut down these servers through blacklist databases all the time. Since these servers generally process a large amount of outgoing mail from potentially old mailing lists, or manually created ones in some cases, most spammers don’t always know what email accounts actually exist. Going on this principle, the majority of SPAM servers will not try to deliver mail more than once (i.e., if a sent message gets rejected, the server will not try to resend it). A properly configured mail server will try multiple times before sending it back undelivered.

As a result, Greylisting takes advantage of this by initially denying the message and waiting for the origin server to re-send it. If it receives a second request for the original message then it will accept and deliver it locally.

The most common configuration we use on our networks utilizes Postfix mail servers with a plugin called PostGrey. Although I won’t get into the configuration of PostGrey here, there are many articles online that can help you out.

Is Greylisting Right for You?

The reason you need to ask yourself this question is that it can provide benefits but at a small cost. Since Greylisting initially rejects the first email message, the immediate implications are that you will not get “instant” delivery of your mail. While most providers will never say that email delivery is instant by nature, it’s generally very fast. Normally within 1 minute of it being sent it should be received at the other end.

So if you are running a mail server that forwards messages to BlackBerrys or various handheld devices, these mobile users need to know that they will not get their messages “instantly” when they are sent by another user.

Also, mail servers can be configured in different ways. While most don’t wait very long to re-send a message, depending on the configuration the message could take up to 10 minutes to be re-sent. So it may not be a good idea to use this in a support or high-availability help-desk style situation.

The good news: you can exclude certain mail accounts from Greylisting. So you can still install and configure PostGrey on your server and specify which mailboxes not to Greylist.
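The defer-then-accept behaviour and the per-mailbox exclusion described above can be sketched as follows. This is an added example, not PostGrey's code or the author's configuration: it assumes the common approach of keying on the (client IP, sender, recipient) triplet, and the `Greylist` class, the 300-second delay, the pending timeout and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300         # assumed: seconds a new triplet must wait before a retry passes
PENDING_TTL = 4 * 3600  # assumed: unretried entries are forgotten after this long

@dataclass
class Greylist:
    whitelist_clients: set = field(default_factory=set)   # trusted sending IPs
    exempt_recipients: set = field(default_factory=set)   # mailboxes never greylisted
    first_seen: dict = field(default_factory=dict)        # triplet -> time of first attempt
    passed: set = field(default_factory=set)              # triplets that retried correctly

    def check(self, client_ip, sender, recipient, now):
        """Return 'accept' or 'defer' (a 4xx temporary failure) for one RCPT attempt."""
        recipient = recipient.lower()
        if client_ip in self.whitelist_clients or recipient in self.exempt_recipients:
            return "accept"
        triplet = (client_ip, sender.lower(), recipient)
        if triplet in self.passed:
            return "accept"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > PENDING_TTL:
            self.first_seen[triplet] = now   # first attempt or stale entry: start the clock
            return "defer"
        if now - seen < MIN_DELAY:
            return "defer"                   # retried too quickly, keep waiting
        self.passed.add(triplet)             # a genuine retry: remember it and let it in
        del self.first_seen[triplet]
        return "accept"

def replay(events, greylist):
    """Feed (time, ip, sender, recipient) attempts through the greylist in order."""
    return [greylist.check(ip, s, r, t) for t, ip, s, r in events]

# Constructed sample traffic using documentation addresses, not real logs.
EVENTS = [
    (0,   "192.0.2.10",   "bulk@spam.example",   "alice@example.org"),    # never retries
    (5,   "198.51.100.7", "bob@partner.example", "alice@example.org"),    # real MTA, first try
    (60,  "198.51.100.7", "bob@partner.example", "alice@example.org"),    # retry too early
    (600, "198.51.100.7", "bob@partner.example", "alice@example.org"),    # retry after delay
    (700, "198.51.100.7", "bob@partner.example", "alice@example.org"),    # known triplet
    (800, "192.0.2.10",   "bulk@spam.example",   "support@example.org"),  # exempt mailbox
]

if __name__ == "__main__":
    gl = Greylist(exempt_recipients={"support@example.org"})
    for event, outcome in zip(EVENTS, replay(EVENTS, gl)):
        print(event, "->", outcome)
```

The last event shows the trade-off of the exclusion: an exempt mailbox gets mail without delay, but it also receives whatever Greylisting would have held back.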

Conclusion

Greylisting is very effective if you understand how it works and behaves. When used correctly it will reduce the amount of SPAM destined for your users by a very large factor (it did for us, but your mileage may vary). In turn, this will reduce the amount of work that other installed filters (e.g., SpamAssassin) need to do, allowing you to use far fewer resources for processing mail and limiting that processing to real mail in most cases.

 
