[Dovecot] Struggling with antispam

Alan Chandler alan at chandlerfamily.org.uk
Fri Mar 7 17:26:04 UTC 2014


On 07/03/14 17:21, Noel wrote:
> On 3/7/2014 10:21 AM, Alan Chandler wrote:
>> One question I would be very interested in - and can't find much
>> about it is how long do you greylist these people for?
>>
>> Basically I only greylist people who fail the spf checks at the
>> moment (that is specifically those who explicitly fail the spf
>> check and those that have an spf record with a +all at the end)
>>
>> I greylist a softfail for 4 hours and a hard fail or open for 12,
>> but I plucked these figures out of the air.
>>
>> Alan
> A delay of 5..15 minutes is sufficient, a delay of hours
> unnecessarily delays legit mail without increasing the
> effectiveness.  The vast majority of bots either don't retry, or
> retry once immediately.
>
> It seems to me that greylisting based on spf would not be very
> effective since it appears many bot herders intentionally use
> domains without spf records.
>
> Remember the purpose of greylisting is to reject bots, not delay
> "real" mail servers -- even if you don't want their mail.
>
>
>
>    -- Noel Jones
Thanks

These few posts have made me rethink my strategy here.

Alan


More information about the dovecot mailing list