Graylisting

[randee]

Is there any new info on gray listing with exim and cpanel?
Is anyone else successfully doing this?

I am being told by several(3) unix/email experts that installing "gray listing" on my cpanel mailserver will cut out a hugh amount of the problems I am running into.
I see run levels in the 8 to 12 range quite often - most of it seems to be smtp connections. Basically DoS and spam/dictionary attacks.

www.exim.org talks about it on their site some... but not a lot.

thanks in advance for any info...

 

[chirpy]

Do a search on the forums for greylisting - it's been discussed in some depth before.

 

[randee]

Thank you... big difference when I searched for grEylisting instead of grAylisting.

No matter who likes or dislikes greylisting, those that are using it (assuming they've properly set it up) are loving it and talking VERY highly of it.

My co-lo provider uses it on their mail servers (sendmail with over 25,000 active email addresses) and can't say enough good about it. They claim, for them, it was the magic "pill".

I have another admin friend that does government servers (they fly him around the country to specifically work on security and mail servers) and he also claims that as soon as they implement greylisting, they see an immediate and major reduction of spam. He says, ultimately, their server loads went down because of it (though not at first). He says occasionally they may screwup a legit email, but rarely. Stopping thousands and thousands of spam is worth the rare "lost email".

I do think that as soon as more servers are using greylisting, the spammers will figure out ways to cope with it as well. But still, it sure sounds like an effective tool for current symptoms - and lets face it, ALL the spam measures we use today are temporary measures... just tools, not cures.

I for one, really hope someone will come up with a cpanel setup for greylisting... and if folks are worried, then also a way to easily turn it off.

Thanks for listening... This forum is fantastic... Hope I don't sound like I'm "complaining".

 

[chirpy]

The main warning about greylisting is that you will not receive any email from sources that send out email using port 25 instead of the local MTA, e.g. many webmail scripting products and PHP forms, etc. So you will definitely lose legitimate email if you use it.

 

[randee]

Thanks for the reply Chirpy! I'm certaintly not an unix admin and I don't claim to know most (or much) of what goes on there... I rely upon having smart people like yourself around.

I run my cpanel mail server seperate from my cpanel webserver, (hate having all my eggs in one basket)... so "form emails" are already a hassle for me... RBL's like SpamCop like to reject forms from my webserver to my mail server, not even 6" away.

Without being argumentative, (just more questions)
Couldn't those particular sites be whitelisted? starting by white listing ALL local domains.
Clients sites that are suppose to get form results (from outside servers) could also be whitelisted... they would, of course, know who they are (and as soon as they complain, you'll know who they are as well ). This could cause a fair amount of configuring for really busy mail servers... but dealing with all the spam IS a lot of work already.

Or am I wrong here? I could be...
Again, I need people like yourself to keep my servers working properly.
And thanks!! I really DO appreciate your time and answers...

 

[chirpy]

The problem is you don't know which sites need to be whitelisted. All you'll know about it is that you (and your clients) won't be receiving emails that they ought to be. Any web server could be trying to send email directly and the email will simply be lost as the script sending it won't have a queuing facility (since the RFC's don't require one - which is my main gripe with greylisting telling the sender "I am currently broken, try again later". The sender thinks "Oh, you're broken, can't deliver the email").

 

[randee]

Don't RBL's like SpamCop already stop emails that are not coming from legitimate MTA's? Meaning that sites that simply use port 25 to send form results, are already having this problem in a much bigger way that greylisting would cause?

God I hate saying too much here as I'm probably wrong about the way rbls' work...
I'll come off showing how much I really don't know.

 

[chirpy]

No, RBL's don't work that way . Also, the method of sending email from a script is a perfectly legitimate use of SMTP, it's simply MUA->MTA instead of MTA->MTA, where the script is the MUA.

 

[Kerstin]

What you talking about, `RBL's like SpamCop` ? When i understand the topic right - the warnings of graylisting give hints to some email problems dependent on IP`s and spamming.