Admins try another weapon against spam

With the volume of spam showing no sign of abating any time soon, system administrators are beginning to turn to one more weapon - greylisting, a technique which some have found to be remarkably successful.

Craig Sanders, a Melbourne-based independent IT consultant and a long-time sysadmin, said greylisting worked by keeping track of how many times a particular combination of IP address, sender, and recipient had appeared.

"The first time a given combination is seen, the sender is told to 'try again later'. If they try again later (after a configurable time period, usually around five minutes) then the message is accepted. The combination is then remembered and, if seen again, is allowed in without any further delay. Since most viruses only try once for each victim address, and also send from random/forged sender addresses, greylisting is extremely effective at blocking them."

Sanders said greylisting was an important part of any anti-spam/anti-virus arsenal. "It's not the whole solution - nothing is - but it is an essential component," he said.

"I implement it on every mail server I build and currently use the postgrey greylisting program (which works with the Postfix mail server)."

He said greylisting seemed to be popular on the Postfix mailing list and on other mail expert lists, "but that's representative of the experts who are really into mail systems and how they work, rather than representative of the bulk of mail server operators."
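The triplet logic Sanders describes, as an added Python example (not code from postgrey or from the article): a new combination of IP address, sender and recipient is deferred, a retry after the delay is accepted, and the combination is then remembered. The `Greylist` class, the `demo` helper, the case-insensitive address comparison and the sample addresses are assumptions constructed for illustration.

```python
import time


class Greylist:
    """Greylisting decision over (client IP, sender, recipient) triplets."""

    def __init__(self, delay=300, clock=time.time):
        self.delay = delay      # seconds a new triplet must wait (about five minutes)
        self.clock = clock      # injectable clock so the logic can be replayed
        self.first_seen = {}    # triplet -> time of first attempt, still waiting
        self.passed = set()     # triplets that have already retried successfully

    def check(self, ip, sender, recipient):
        """Return 'accept' or 'defer' (a temporary 'try again later' reply)."""
        # Assumption: addresses are compared case-insensitively.
        key = (ip, sender.lower(), recipient.lower())
        now = self.clock()
        if key in self.passed:
            return "accept"                 # remembered: no further delay
        first = self.first_seen.get(key)
        if first is None:
            self.first_seen[key] = now      # first sighting of this combination
            return "defer"
        if now - first < self.delay:
            return "defer"                  # retried before the delay elapsed
        del self.first_seen[key]
        self.passed.add(key)                # retried after the delay: remember it
        return "accept"


def demo():
    """Replay constructed delivery attempts against a fake clock."""
    t = [0]
    gl = Greylist(delay=300, clock=lambda: t[0])
    legit = ("192.0.2.10", "alice@example.org", "bob@example.net")
    one_shot = ("198.51.100.7", "x1@forged.example", "bob@example.net")
    results = []
    for when, triplet in [
        (0, legit),        # first attempt
        (60, legit),       # retry after one minute, too soon
        (400, legit),      # retry after the delay
        (500, legit),      # later message, same combination
        (500, one_shot),   # sender that tries once and never returns
    ]:
        t[0] = when
        results.append(gl.check(*triplet))
    return results
```
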
