[Dovecot] Struggling with antispam

Noel noeldude at gmail.com
Fri Mar 7 17:21:12 UTC 2014


On 3/7/2014 10:21 AM, Alan Chandler wrote:
>
> One question I would be very interested in - and can't find much
> about it is how long do you greylist these people for?
>
> Basically I only greylist people who fail the spf checks at the
> moment (that is specifically those who explicitly fail the spf
> check and those that have an spf record with a +all at the end)
>
> I greylist a softfail for 4 hours and a hard fail or open for 12,
> but I plucked these figures out of the air.
>
> Alan

A delay of 5..15 minutes is sufficient, a delay of hours
unnecessarily delays legit mail without increasing the
effectiveness.  The vast majority of bots either don't retry, or
retry once immediately. 

It seems to me that greylisting based on spf would not be very
effective since it appears many bot herders intentionally use
domains without spf records.

Remember the purpose of greylisting is to reject bots, not delay
"real" mail servers -- even if you don't want their mail.



  -- Noel Jones


More information about the dovecot mailing list