Date: Wed, 02 May 2007 09:00:38 -0400 From: Bart Silverstrim <bsilver@chrononomicon.com> To: Ted Mittelstaedt <tedm@toybox.placo.com> Cc: John Levine <johnl@iecc.com>, freebsd-questions@freebsd.org Subject: Re: Greylisting -- Was: Anti Spam Message-ID: <46388B76.6090900@chrononomicon.com> In-Reply-To: <BMEDLGAENEKCJFGODFOCMEAKCAAA.tedm@toybox.placo.com> References: <BMEDLGAENEKCJFGODFOCMEAKCAAA.tedm@toybox.placo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ted Mittelstaedt wrote: > >> -----Original Message----- >> From: Bart Silverstrim [mailto:bsilver@chrononomicon.com] >> Sent: Monday, April 30, 2007 12:08 PM >> To: Ted Mittelstaedt >> Cc: John Levine; freebsd-questions@freebsd.org >> Subject: Re: Greylisting -- Was: Anti Spam >> >> >> You're making it sound as if greylisting is a terrible idea > > NO. I'm making it sound like greylisting is NOT the world's answer to > stopping spam. It's NOT a miracle cure, it is NOT the last, best hope > for peace. If that is the case, you didn't understand me either...I believe that at this point it takes layers to try stopping spam and viruses, and there are tradeoffs to be made. It isn't a cure and I don't think I professed it was. > Obviously you have a severe problem with this. All I can say to that > is if you put all your spamfighting eggs in one basket, your foolish. Curious...where did I say that was all I was using? > Give it a rest. That is one wart on greylisting. There are others. Just > as there are warts on all other spamfighting tools. Um...you were bringing it up and focusing on it. Every time you claimed what a terrible thing this was for your monitoring system, I would say it's not as big a problem as you were making it out to be. > I, and others most likely, are saying that it wouldn't take >> much for you to get it working just fine whether the cell carrier >> used it or not. And even then, you haven't made a case that ISPs or >> businesses still couldn't use it > > Right, because it was never my intention to make a case for NOT using it. That wasn't how it appeared. You disparaged it every time as to why it wouldn't work for you if XYZ happened, so it very much appeared that you didn't want it. > It was my original intention to show that greylisting worked because it > allows the blacklists time to get the submitter in their lists, not because > all spammers cannot tolerate greylisting delays because they are sending > spam so fast. Which is what one of the OP's claimed was how greylisting > worked. I would disagree on the blacklisting part. I think that a lot of the bulk software *doesn't* retry, a lot of it is spoofing headers so mail isn't going back to where it would if the sender were legitimate, etc. Having to send mail to a location more than once means expending 2 connects instead of 1. It's a very small tax, but it's one I'm willing to impose if it makes their lives one tenth of one percent more of a hassle. > I then added to this later on the intention to show that depending on > greylisting alone will not work in the long haul, because it is easy > to program around it. Which the spammers will do once a majority of sites > use greylisting, and indeed, many spammers are already starting to do > right now. Like I said...if it taxes their resources even one tenth of one percent, I'm for it. > yah yah yah whatever. As I said before, you are so lost and hung up on > the monitoring example that you have completely misinterpreted everything > that I've said. Then why did you keep harping on it after I and others pointed out why your complaint wasn't such a show stopper? >The point was not to get sidetracked into this stupid > monitoring example discussion. The point was to discuss the merits and > problems of greylisting. Then start doing that. You said it wouldn't work in all cases, because XYZ. We said, hey, that's not a big deal because ABC. You continued to harp on XYZ. Try bringing up DEF next time. > I frankly think that you are so in love with greylisting that you are > deliberately trying to AVOID a discussion of it's merits - because you > cannot bear to hear anything bad about it. I'm interested in knowing where in my discussions I said it was the only thing to use, the only one I DO use, and that it was a cureall that I loved so much. I was personally looking at trying to combine SA, greylisting, and tarpitting, along with filtering by headers and stripping or sanitizing attachments/HTML if possible. You never even TRIED to bring up any other solution nor did you discuss the effectiveness of other methods when combined. If you did, point it out. At most, as I recall, you mentioned SA was more effective than greylisting (so? Combine them. Greylisting helps lower the system load when a message does get to SA). You pointed out you use greylisting and it was dying out in effectiveness, and you gave an example that hinted if certain businesses use it your world would fall apart because you wouldn't be notified in time and your customers would leave you in droves. > In summary, I run several busy mailservers, all that use greylisting. I > have used greylisting for quite a while. You can believe that or not. As I recall, I asked you how you have it set up on your system(s) since you previously said you ran it and saw the effect diminishing. It seems to me that you're almost making things up as to what I've said or not said, since I never implied you were lying or that I didn't believe you. You never did reply regarding the questions I asked. > I am stating that categorically, greylisting at the current time is > a quick hack, that in the majority of cases works, but it's effectiveness > has already started down the road to rapid decline, and every month I > am seeing more and more spam go right past it and get tagged by spamassassin > as being from a blacklisted spam emitter. You could have saved time by stating this instead of harping on your example of the cell message. I'm not insane in the perception that you were harping on it, since other were chiming in with possible workarounds as well to point out where your complaint wasn't necessarily more than a minor headache. I saw little or no mail that commented on alternative ideas of yours, which would indicate to me a little more proof that I wasn't missing your alternative solutions or discussion of other aspects of greylisting. As it stands it sounds a lot like you're trying to blame me for missing what you didn't have in the discussion to begin with. >That DOES NOT MEAN that you > should NOT use it - no more than it means you should not use things like > SPF records as counters in a point-based spamfiltering system - it merely > means that it's getting less effective every day. This is the first time in this thread that I recall you making a statement to this effect.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46388B76.6090900>