|
| Greylist |
| TitleIndex | WordIndex |
Greylisting attempts to discourage spam.
At the School of I.T., greylisting is performed on our primary SMTP receiver by
Subsequent instances of mail that match that same tuple (including
a retry of the first instance) and which arrive within 5 minutes of the
first appearance of that tuple also will be declined with a 451 code.
However, instances of that tuple which arrive after 5 minutes will be accepted.
Senders of real mail retry, spammers usually do not.
Tuples are stored in the file system as (almost) literal file names
(metacharacters and non-ASCII characters are either removed or replaced
by other, less meta, more ASCII characters).
At present the tuple for IP number I, sender S and recipient R is stored as both:
and
where S0 and S1 are the first and second characters of S respectively,
and DATE is the time of the start of the day on which this tuple was
most recently seen (expressed as a number of seconds since 1/1/1970).
A daily cron job
On 7/2/05 we disabled (actually just commented out) our last remaining
secondary MX record (metro.ucc.usyd.edu.au).
A day later we emptied our greylist tuple database, thereby forcing it to
start from a clean slate.
By 11/2/05 the number of greylist-based 451-code refusals
remained at approximately 100,000 per day, but the number
of deliveries fell from roughly 53,000 to 9,279 per day.
(Here "delivery" means that the mail item was allowed to pass
by the greylist software -- it may still fail to find a valid local
recipient.)
9,279 deliveries/day leaves roughly 9.3 seconds per delivered mail
item. Spamassassin, when run with all network-based features disabled
(spamassassin --local) and when run on one of our fastest computers,
requires roughly 1.6 seconds to classify a mail item.
smtp_recvd already calls a separate program to pass mail items on --
this could be replaced fairly easily by a front-end that does spam-tagging.
So the next step is to incorporate automatic spam-tagging into our
mail delivery...
A more complete description of greylisting may be found here:
http://projects.puremagic.com/greylisting/whitepaper.html ,
with more here: http://greylisting.org .
Implementation
/n/staff/usr/spool/smtp/bin/smtp_recvd
Mail is characterised by a tuple:
<SMTP sender IP number>/<envelope sender address>/<envelope receiver address>
Mail which does not match a previously seen tuple is refused
by the SMTP receiver daemon with a 451 (i.e. temporary) failure code.
/n/staff/usr/spool/smtp/lists/grey/all/<S0><S1>/<S>,<R>,<I>
/n/staff/usr/spool/smtp/lists/grey/<DATE>/<S0><S1>/<S>,<R>,<I>
Maintenance
/n/staff/usr/spool/smtp/lists/grey/expire
deletes tuples which have not been seen during the last 14 days. Counting
More
Support
FindPage
by browsing, searching, or an index