Greylisting
Our mail relay servers, the mail gateway to and from the department, implement
a greylisting mechanism to help combat spam. When it was first deployed we
observed roughly an 85% reduction in the amount of spam successfully flowing
into the department. This simple mechanism helps our internal servers remain
responsive and significantly reduces the amount of spam our users ever see.
The Details
Well behaved mail servers are required by the SMTP standard (RFC 5321) to queue
and retry delivery of email that fails with a temporary failure code (a 4xx
reply). By contrast, most spammers are trying to push through so much email
that they cannot afford to retry failed deliveries. Greylisting takes advantage
of this requirement and deliberately reports a temporary delivery failure the
first time it sees a particular combination of sender email address, sending
server IP address and recipient email address (the "triple"). When the remote
server retries delivery a few minutes later, our MX server recognizes the
triple and accepts the message. The server keeps track of known good triples
and immediately accepts future emails that match one. Over time, our server
also keeps track of external mail relay servers associated with successful
triples and whitelists the entire server, ensuring that all future email from
it is passed through without delay. The cost of the scheme is a delay of a few
minutes on the very first message of a new triple; everything after that flows
at normal speed.
Some Questions and Answers
Do the triples expire?
Yes. Postgrey keeps track not only of the first time a given triple was seen,
but also of the last time. Entries that were last seen more than a month ago
(Postgrey's default maximum age is 35 days) are removed automatically, so a
triple that is in regular use never expires.
Everyone is using Gmail these days; do all triples get greylisted initially?
No. Remote mail relay servers that repeatedly show they can pass the greylist
are entered in a "clients whitelist", after which no greylisting is done for
them at all (Postgrey does this automatically after a handful of successful
deliveries, five by default). Servers for popular email services are quickly
added to our database on a per-server basis, virtually eliminating any delay
for remote users. Large providers also tend to retry from a different machine
in the same pool, which is why Postgrey by default matches the sending server
on its /24 network rather than on the exact IP address.
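The decision logic described under "The Details", together with the triple expiry and the client whitelist from the two answers above, is easy to see end to end in code. The following is an added illustration written for this page; it is neither the department's Postgrey configuration nor Postgrey's own code. It models a Postfix policy service (the attribute=value request and "action=" reply are Postfix's policy delegation protocol), uses the defaults Postgrey documents (--delay=300, --max-age=35 days, --auto-whitelist-clients=5), and keys the client whitelist by exact IP, which is a simplification of Postgrey's subnet matching. The addresses and requests are constructed sample data.

```python
"""Postgrey-style greylisting as a Postfix policy service would decide it.

Added illustration; not the department's configuration nor Postgrey's own code. Defaults
follow Postgrey's documented options (--delay=300, --max-age=35 days,
--auto-whitelist-clients=5); keying the client whitelist by IP is a simplification.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Triple = Tuple[str, str, str]  # (sender, client_address, recipient)
GREYLIST_ACTION = "DEFER_IF_PERMIT 450 4.2.0 Greylisted, please try again later"
PASS_ACTION = "DUNNO"  # no opinion: later smtpd_recipient_restrictions decide


@dataclass
class Greylist:
    delay: int = 300            # seconds a new triple must wait before it passes
    max_age: int = 35 * 86400   # forget triples not seen for this long
    whitelist_after: int = 5    # passes before a client IP skips greylisting entirely
    triples: Dict[Triple, Tuple[float, float]] = field(default_factory=dict)  # -> (first, last)
    client_passes: Dict[str, int] = field(default_factory=dict)
    whitelisted_clients: Set[str] = field(default_factory=set)

    def expire(self, now: float) -> int:
        """Drop triples not seen for more than max_age; return how many were dropped."""
        stale = [t for t, (_, last) in self.triples.items() if now - last > self.max_age]
        for t in stale:
            del self.triples[t]
        return len(stale)

    def check(self, sender: str, client: str, recipient: str, now: float) -> str:
        self.expire(now)
        if client in self.whitelisted_clients:
            return PASS_ACTION
        key = (sender.lower(), client, recipient.lower())
        seen = self.triples.get(key)
        if seen is None:
            self.triples[key] = (now, now)    # first contact: record it and defer
            return GREYLIST_ACTION
        first, _ = seen
        self.triples[key] = (first, now)      # refresh last_seen so a live triple never expires
        if now - first < self.delay:
            return GREYLIST_ACTION            # retried too soon: still greylisted
        # a real retry after the delay: the triple passes and counts toward the client whitelist
        self.client_passes[client] = self.client_passes.get(client, 0) + 1
        if self.client_passes[client] >= self.whitelist_after:
            self.whitelisted_clients.add(client)
        return PASS_ACTION


def parse_policy_request(raw: str) -> Dict[str, str]:
    """Parse one Postfix policy request: 'name=value' lines terminated by an empty line."""
    attrs: Dict[str, str] = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def handle_request(gl: Greylist, raw: str, now: float) -> str:
    """Produce the reply Postfix expects: 'action=...' followed by an empty line."""
    a = parse_policy_request(raw)
    return "action=%s\n\n" % gl.check(a["sender"], a["client_address"], a["recipient"], now)


def request(client: str, sender: str, recipient: str) -> str:
    """Constructed smtpd_access_policy request carrying the attributes this policy uses."""
    return (f"request=smtpd_access_policy\nprotocol_state=RCPT\nclient_address={client}\n"
            f"sender={sender}\nrecipient={recipient}\n\n")


def scenario() -> Tuple[List[str], int]:
    """A fire-and-forget spam source and a well-behaved relay, then a table clean-up 36 days on."""
    gl = Greylist()
    t0 = 1_700_000_000.0
    spam = request("198.51.100.7", "promo@example.com", "bob@example.edu")
    good = request("192.0.2.10", "alice@example.net", "bob@example.edu")
    actions = [
        handle_request(gl, spam, t0),              # deferred; the bot never comes back
        handle_request(gl, good, t0),              # deferred on first sight
        handle_request(gl, good, t0 + 60),         # retried inside the delay window: deferred again
        handle_request(gl, good, t0 + 600),        # retried after 5 minutes: passes
        handle_request(gl, good, t0 + 5 * 86400),  # same triple days later: passes immediately
    ]
    # the spam triple (last seen 36 days ago) is removed; the good one (31 days) is kept
    return actions, gl.expire(t0 + 36 * 86400)


def whitelist_demo() -> Tuple[str, bool]:
    """Once five triples from one client have passed, a brand-new triple from it is not delayed."""
    gl = Greylist()
    t = 1_700_000_000.0
    for i in range(gl.whitelist_after):
        r = request("192.0.2.10", "alice@example.net", f"user{i}@example.edu")
        handle_request(gl, r, t)            # first sight: deferred
        handle_request(gl, r, t + 600)      # retry after the delay: pass number i + 1
        t += 1200
    fresh = request("192.0.2.10", "carol@example.net", "newhire@example.edu")
    return handle_request(gl, fresh, t), "192.0.2.10" in gl.whitelisted_clients
```

Running scenario() shows the two defers for the well-behaved relay (first sight, then a retry that came back too early), the pass once the delay has elapsed, and the immediate pass for the now known triple, while the spam source's single attempt is the only entry left to expire. whitelist_demo() shows why a busy, legitimate relay stops being delayed at all once enough of its triples have passed.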
Isn't rejecting an initial email bad?
Reliable mail servers do this all the time. For instance, many of them
throttle connections when they have received too many concurrent requests and
answer with exactly this kind of temporary failure. Our server regularly has
500 to 1000 deferred emails in its own queue, which are the result of remote
mail servers telling ours to try again later.
Can't the spammers get around this system by just behaving properly?
Absolutely. But many of them cannot afford to do so because of the volume of
email they are trying to send. They typically use badly behaved mail software
that ignores many portions of the RFCs in an attempt to maximize output. Spam
sent through a legitimate, well-behaved relay (for example from a compromised
account at a large provider) does pass greylisting, which is why it is one
layer of our spam defences rather than the only one.