[07] WHAT IS GREYLISTING? HOW DOES IT HELP WITH SPAM OR UCE?

     SPAM that you receive can be forwarded to 'spam-bucket@sdf.lonestar.org'.
     This file is accessible to all users; its purpose is to help identify
     spammer networks and spam content.

 WHAT IS GREYLISTING?

     Greylisting is a passive approach to dealing with spam.  It allows the
     SDF SMTP server to keep track of the SMTP servers that communicate with it.
     When SDF receives a connection from an unknown SMTP server it issues a 451,
     which basically means "I'm really busy, please retry later".  This sort of
     response occurs normally for a variety of reasons every day, such as:
     the user is over quota, the file system is full, the load average is too
     high and so on.  A properly configured MTA will follow the SMTP protocol
     and respect a 451 by using its default retry interval, which is typically
     anywhere between 5 and 60 minutes.  SDF's greylisting is only in effect
     for 3 minutes from the sending server's first attempt.  This is well
     within a reasonable retry period of a properly configured SMTP server.
     When the previously greylisted server connects back within 8 hours of its
     first attempt, SDF accepts its connection and allows the email to be
     delivered.  The host is then whitelisted for 48 hours.  This also takes
     into account other SMTP servers on the same network, since greylisting on
     SDF only looks at the CIDR /24 network (255.255.255.0) and therefore the
     host number is ignored.  This allows greylisting to work with large mail
     harvesting farms such as Gmail.

     Senders with SPF compliant headers are automatically passed without
     being deferred.
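
     The decision flow described above, as an added example that is not SDF's
     own code.  The tuple layout (/24 network, sender, recipient), treating a
     retry after 8 hours as a new first attempt, and all names are assumptions.

```python
import ipaddress

# Timings as stated on this page; the data layout is an assumption.
DELAY = 3 * 60              # deferral in effect for 3 minutes
RETRY_WINDOW = 8 * 3600     # retry must come within 8 hours of first attempt
WHITELIST_TTL = 48 * 3600   # whitelisted for 48 hours after a good retry


class Greylist:
    def __init__(self):
        self.pending = {}    # (network, sender, rcpt) -> time of first attempt
        self.whitelist = {}  # network -> expiry time

    @staticmethod
    def network(ip):
        # Only the /24 is compared, so the host number is ignored (IPv4 only).
        return str(ipaddress.ip_network(f"{ip}/24", strict=False))

    def check(self, ip, sender, rcpt, now, spf_pass=False):
        """Return the SMTP reply code: 250 (accept) or 451 (retry later)."""
        if spf_pass:                      # SPF-compliant senders are not deferred
            return 250
        net = self.network(ip)
        if self.whitelist.get(net, 0) > now:
            return 250
        key = (net, sender, rcpt)
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[key] = now       # unknown or stale: (re)start the clock
            return 451
        if now - first < DELAY:
            return 451                    # retried too soon
        del self.pending[key]
        self.whitelist[net] = now + WHITELIST_TTL
        return 250


def demo():
    # Constructed addresses from the documentation ranges.
    g, s, r = Greylist(), "alice@example.org", "user@example.net"
    return [
        g.check("192.0.2.10", s, r, now=0),        # first contact
        g.check("192.0.2.10", s, r, now=60),       # retry inside 3 minutes
        g.check("192.0.2.77", s, r, now=600),      # same /24, other host
        g.check("192.0.2.5", "bob@example.org", r, now=700),  # whitelisted net
        g.check("198.51.100.9", s, r, now=700, spf_pass=True),
    ]
```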

     You will be able to see the header line X-Greylisting in your email
     which will provide you details on the host and perhaps can help you
     with any additional filtering you might need.

     There is a simple utility called 'greylist' you can use to see what tuples
     apply to you.  It's important to note that if you do see a tuple in the
     greylist that you know is legitimate, it will always show up in the
     autowhitelist, for 36 hours, when the sending host retries.  Because it
     is possible that a spam host could resend before they change their IP
     address, you could receive that spam on a retry.  However, it is unlikely
     that they will retry, and therefore you will always receive legitimate
     email, with a very low percentage of that possibly being spam.

     By default greylisting is enabled for all SDF members.  If you would 
     like to disable it, which is not recommended, you may do so by typing
     'greylist -t'.  You can re-enable it with the same command.

     MetaARPA members can also use the 'greylist -tw' command to create their
     own rules to apply to mail delivery specific to their email addresses and
     their domains.  You must have greylisting enabled; otherwise there will be
     no need for a whitelist.  This custom whitelist is a flat text file called
     .wl in the user's home directory with a single email address on each row
     of the file.  The file can only contain email addresses; meta-characters
     will be stripped and ignored.
