Kelvin
The comments you mention are EXACTLY those that were said to me when I implemented greylisting at a site.
I would ask though, how do you or the end users know that the delay would be "totally unacceptable". You only have a surface knowledge of how greylisting works in practise (ie you believe that it delays every message & therefore that is a bad thing). What was that famous phrase, "A little knowledge is a dangerous thing".
I would strongly suggest that your users are unlikely to notice any difference (or very little difference) for a variety of reasons.
I tried it myself on my own server (low volume email). I also persuaded another site (moderate volume) to conduct a test as they were quite alarmed at the possibility of not receiving messages "immediately" (I'm sure you know that there is nothing immediate about email as it can be quite slow at times, so I feel their concerns were not totally correct anyway).
I DID NOT tell them when it was introduced, I just installed it. I received NO complaints at all over a one month period.
During that month spam dropped to virtually zero (RBL, pattern matching & bad HELO/EHLO were also in effect & doing their job quite well). This server is rejecting (at smtp level) about 7000 "bad" messages every month.
I would say that the above 3 techniques do reduce spam to quite low levels, but greylisting got rid of the ones that slipped through.
Greylisting remembers the sender IP and only the first message is delayed (in a specified & adjustable period, normally 24 hours). Subsequent messages from the same sender in the same period do not get delayed, they are delivered as normal.
Furthermore you can create white lists of IPs and those senders NEVER get delayed. Add your local IP and other trusted IPs to totally avoid delays from those senders. You can also add IPs from common trusted senders and over time build up a popularly used list of IPs for which no greylisting will occur.
In practice both of the above means a lot of messages are NEVER delayed.
It would depend somewhat on your pattern of usage, ie whether lots of different senders or regular repeat senders and how much effort you want to put into whitelists.
If any email users have already received one message from a sender today (same IP) (default setting), then all other messages will be delivered as normal with no delay.
Of course on the downside there are some other issues, primarily broken mail systems that do not retry (as greylisting relies on the retry for the message to get through), then it is possible to loose messages from mail servers that do not retry.
When you find out (probably by a complaint from the sender) you can add that server IP to the whitelist and all messages from them will be delivered without delay. A majority of mail servers do retry.
You could say that a similar (but different) problem of (undelivered messages) applies to the use of RBL lists, but a lot of us are happily using those.
The other problem area is where there are server banks with multiple IPs sending the same message. It gets greylisted with the first IP, then greylisted with the second IP then the 3rd & 4th etc, hopefully it then tries using the first IP and will then get successfully delivered. I have watched this happening in logs on my own server, eventually the message is delivered, the actual delay will relate to the frequencey of retries. Again in practise this was not great as the message was from a large corporate who kept retrying every few minutes, so the message got through after about 10 - 20 minutes any way. Note that some ISP's retry after 30 - 60 minutes and some other ISP's eg Dodo do not retry for 36 hours typically, and do use different IPs, so you may not receive mail from them for many days, if at all. I think Dodo and any similar ISPs need to be on the whitelist. There is a default whitelist of known bad senders IP's installed by default from the rpm.
See
var/qmail/greylist
var/qmail/whitelist
Also see
/usr/local/bin/qgreylist - for setting details & explanations.
I suggest you try greylisting out so you can gauge the effectiveness & see if complaints about delays end up being realistic or "all in the mind".
Having said all of the above, there is no guarantee that the sme developers will continue using/supporting greylisting. It has its pros & cons, so gauge for yourself.
I should add my thanks to Gordon Rowell & Charlie Brady for their help in improving my understanding of greylisting.
Regards
4 Replies
1407 Views