Linux.com

Re: Resource-usage reduction and security

Posted by: Anonymous Coward on April 13, 2007 12:42 PM
As far as I understand, since greylisting (spamd, postgrey and others) works during RCPT TO by presenting a temporary and brief SMTP timeout, the spammers won't be able to send their DATA payloads (the messages), and thus this is a non-CPU- and bandwidth-punishing process, since there are no messages and images that need to be scanned and deeply analyzed.

Greylisting is more useful for fighting ZOMBIES than fully relying on content checks that eat up too many processes and put heavy loads on our bandwidth. Since zombies are merely infected computers across the internet, it is the BOTS that send spam, and for sure these send only once due to the nature of these bots and hence won't (or seldom) retry after a failed connection attempt, which is exactly the opposite of a real SMTP server, which would keep on retrying until it finds out that the failure is permanent.

There is a contributed patch for postgrey that enables it to tarpit, making it harder for the bots to circumvent it in case some of these bots have now been rewritten to retry after a greylist, by adding the "--retry-count=2" and "--auto-whitelist-delay=3600" startup options.

The creator of the patch also combined it with S25R (Selective SMTP Rejection), which uses only simple regular expressions that match the hostname strings of dynamic ADSL/cable subscribers (the ones being infected with bots or becoming zombies).

http://k2net.hakuba.jp/targrey/index.en.html

http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html
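The greylisting decision described in the comment above, as an added example that is not part of the original post and is not spamd or postgrey code: a temporary 451 reply at RCPT TO for an unseen (client IP, sender, recipient) triplet, and acceptance only for a client that retries after a delay. The class and function names, the 300-second delay, the 24-hour expiry and the sample addresses are assumptions made for the illustration.

```python
"""Greylisting decision at RCPT TO, keyed on (client IP, sender, recipient)."""

DELAY = 300      # assumed: seconds a new triplet must wait before acceptance
MAX_AGE = 86400  # assumed: a triplet that never retried is forgotten after this


class Greylist:
    def __init__(self, delay=DELAY, max_age=MAX_AGE):
        self.delay = delay
        self.max_age = max_age
        self.first_seen = {}  # triplet -> time of first attempt
        self.passed = set()   # triplets that retried after the delay

    def rcpt_to(self, client_ip, sender, recipient, now):
        """Return the SMTP reply given to RCPT TO; DATA is only reached on 250."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return "250 OK"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > self.max_age:
            # Unknown (or expired) triplet: record it and defer the sender.
            self.first_seen[triplet] = now
            return "451 4.7.1 Greylisted, try again later"
        if now - seen < self.delay:
            # Retried too quickly: still deferred, nothing is scanned.
            return "451 4.7.1 Greylisted, try again later"
        self.passed.add(triplet)
        return "250 OK"


def simulate(attempt_times, client_ip, sender="a@example.org",
             rcpt="b@example.net", greylist=None):
    """Replay one client's attempts; return the reply code of each attempt."""
    gl = greylist or Greylist()
    return [gl.rcpt_to(client_ip, sender, rcpt, t)[:3] for t in attempt_times]


if __name__ == "__main__":
    # Constructed timelines, in seconds since the first connection.
    print("bot, single shot:   ", simulate([0], "203.0.113.7"))
    print("bot, instant retry: ", simulate([0, 5, 10], "203.0.113.7"))
    print("real MTA with queue:", simulate([0, 900, 1800], "198.51.100.25"))
```

A sender that never gets a 250 never reaches DATA, so no message body is transferred or content-scanned for it.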

Return to Reducing spam with OpenBSD and spamd