[Dovecot] what best for anti-spam filter?
Jacek Osiecki
joshua at hybrid.pl
Tue Jul 24 17:23:28 EEST 2012
On Tue, 24 Jul 2012, Stan Hoeppner wrote:
> On 7/24/2012 7:13 AM, Morten Stevens wrote:
[...]
>> Jul 24 12:50:53 mx1 sendmail[32518]: q6OARUOM031928:
>> to=<manu at netbsd.org>, delay=00:23:23, xdelay=00:00:02, mailer=esmtp,
>> pri=332317, relay=mail.netbsd.org. [149.20.53.66], dsn=4.7.1,
>> stat=Deferred: 450 4.7.1 <manu at netbsd.org>: Recipient address rejected:
>> Greylisting in action, please try later
[...]
>> Greylisting in action, please try later
>> Jul 24 13:50:53 mx1 sendmail[1672]: q6OARUOM031928:
>> to=<manu at netbsd.org>, delay=01:23:23, xdelay=00:00:02, mailer=esmtp,
>> pri=602317, relay=mail.netbsd.org. [149.20.53.66], dsn=4.7.1,
>> stat=Deferred: 450 4.7.1 <manu at netbsd.org>: Recipient address rejected:
>> Greylisting in action, please try later
>> This is exactly the reason why greylisting is bad.
I'd say, when greylisting isn't set up correctly. One hour and still
greylisting the message? Come on...
> I have yet to hear of a bot that retries. Thus, there's no reason to
> set a wait period more than a few seconds, causing the situation above.
A few seconds is much too short. One of our clients has over 20 servers
across the country, with a central GL database. Most of them are MX for the
domain, and each one is a storage for some subset of emails in this
domain. When a spambot tries to deliver a message, it goes through all the
MXes - so it sometimes takes 20-30 seconds for it to get through all of
them...
The initial pre-greeting delay is a good idea - although IMHO users
definitely should then use submission port (587) without this delay.
For GL, there is no point in setting times larger than a few minutes. Bots
either don't retry to send email at all, or retry in legit times. On the
other hand, most of the spoiled mail servers (usually in larger
corporations) do a few delivery retries within a few seconds and then after
many hours...
So far, this client is still satisfied with GL (set to 10 minutes) since
it reduces spam amount by around 50% (about 3k messages a day). Sometimes,
when we have troubles with some servers - they are simply added to WL.
It doesn't happen too often, although this is a typical business - with
lots of mailing companies, emails that sound as if they were typical spam
etc. ;)
Greetings,
--
Jacek Osiecki joshua at ceti.pl GG:3828944
I don't want something I need. I want something I want.
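
The trade-off discussed in this message, as an added example that is not part of the original post: one greylist database shared by every MX, replayed against three retry schedules with a short and a 10-minute delay. The triplet key (client IP, sender, recipient), the schedules and the addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    """Central greylist shared by all MX hosts (assumed triplet-keyed)."""
    min_delay: float                                # seconds a new triplet must wait
    whitelist: set = field(default_factory=set)     # client IPs that bypass GL
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt

    def check(self, now, client_ip, sender, rcpt):
        """Return the SMTP reply for one RCPT attempt at time `now` (seconds)."""
        if client_ip in self.whitelist:
            return "250 OK (whitelisted)"
        triplet = (client_ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.min_delay:
            return "250 OK"
        return "450 4.7.1 Greylisting in action, please try later"

def deliver(gl, attempt_times, client_ip, sender, rcpt):
    """Replay a sender's attempts; return the acceptance time or None."""
    for t in attempt_times:
        if gl.check(t, client_ip, sender, rcpt).startswith("250"):
            return t
    return None

# Constructed schedules, in seconds since the first attempt.
SCHEDULES = {
    # Bot that never queues but walks 20 MXes, 1.5 s apart (about 30 s in total).
    "bot_mx_walk": [i * 1.5 for i in range(20)],
    # Ordinary MTA queue retries.
    "legit_mta": [0, 300, 900, 1800],
    # Server that retries a few times within seconds, then after many hours.
    "burst_mta": [0, 2, 4, 6, 6 * 3600],
}

def simulate(min_delay, whitelist=()):
    """Acceptance time per schedule for a given greylisting delay."""
    results = {}
    for name, times in SCHEDULES.items():
        gl = Greylist(min_delay, whitelist=set(whitelist))  # fresh DB per sender
        results[name] = deliver(gl, times, "192.0.2.10",
                                "sender@example.org", "rcpt@example.net")
    return results

if __name__ == "__main__":
    for delay in (5, 600):
        print(f"min_delay={delay}s -> {simulate(delay)}")
```

Because the database is shared, each MX the bot walks counts as a retry of the same triplet, so a 5-second delay lets it in at the fifth MX while 600 seconds does not; the bursty server is the case that ends up on the whitelist.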