Greylisting vs Not-Greylising: Amazing!

11 posts / 0 new
Last post
#1 Sun, 04/26/2009 - 03:51
webwzrd

Greylisting vs Not-Greylising: Amazing!

I'm sure like you folks, the amount of spam passing through my server is quite alarming. My machine is strong and the truth is it seems to handle 120k+ of mail a day without much effort. But with most of that mail being spam, this amount is ridiculous.

I've thought about Email Greylisting in the past, but avoided implementing it because of the many clients I have that seem to think they always have such important email about to arrive that they check their mail every 60 seconds (they really need to get over themselves). They would surely be upset at any delays.

This past week I've seen a good 20K+ jump in the amount of daily incoming mail and the last Virtualmin update now provides easy Greylisting setup... I couldn't resist. Below is a before and after comparison - take a look and you'll see why I titled this thread "Greylisting vs Not-Greylising: Amazing!"

Before: [code:1]274.877M Bytes accepted 288,229,888 81.870M Bytes sent via SMTP 85,847,111 198.695M Bytes delivered 208,347,111 32.584M Bytes forwarded 34,167,232 ======== ==================================================

11675   Accepted                                     9.61%

109863 Rejected 90.39% -------- -------------------------------------------------- 121538 Total 100.00% ======== ==================================================

  256   5xx Reject relay denied                      0.23%
45667   5xx Reject unknown user                     41.57%
63940   5xx Reject RBL                              58.20%

-------- -------------------------------------------------- 109863 Total 5xx Rejects 100.00%[/code:1] After: [code:1]136.395M Bytes accepted 143,021,037 63.055M Bytes sent via SMTP 66,117,476 85.922M Bytes delivered 90,095,778 20.594M Bytes forwarded 21,594,842 ======== ==================================================

 2102   Accepted                                    76.33%
  652   Rejected                                    23.67%

-------- -------------------------------------------------- 2754 Total 100.00% ======== ==================================================

  472   5xx Reject relay denied                     72.39%
  179   5xx Reject unknown user                     27.45%
    1   5xx Reject client host                       0.15%

-------- -------------------------------------------------- 652 Total 5xx Rejects 100.00% ======== ==================================================

145260 4xx Reject recipient address 100.00% -------- -------------------------------------------------- 145260 Total 4xx Rejects 100.00%[/code:1] With 121,538 total mail down to just 2,754, there's no going back now!<br><br>Post edited by: webwzrd, at: 2009/04/27 03:11

Sun, 04/26/2009 - 11:29
Joe
Joe's picture

Yes, that is a surprisingly dramatic increase in early-stage spam rejection. It would have (mostly) been caught during delivery by spamassassin and/or clamav, but the simple fact that it can be rejected before it even reaches those stages is a big win. We're not seeing quite that level of success with greylisting, but it is about 50% early stage rejection. And any amount of mail that can be rejected before it ever hits the very expensive later processing stages is a win for bandwidth, CPU, and memory usage. Since mail is the most demanding thing on most virtual hosting servers, this is definitely a step in the right direction.

Thanks for the real world example! I, too, am amazed at how successful it's been on your system. Hopefully, your particular deployment is indicative of how well it'll work for most Virtualmin users (those with extremely large legitimate mail volume won't see this kind of impact, though it should always be a positive impact, even if much smaller).

--

Check out the forum guidelines!

Sun, 04/26/2009 - 11:52 (Reply to #2)
webwzrd

Makes me giddy! Thank you Joe for all the consistent updates and improvements that I/we constantly get to take advantage of. Also a big thanks to Eric, who was in my server within minutes after I reported an error on the install of postgrey.

I'll report back after a little more time passes.

Brian

Thu, 05/14/2009 - 04:07
webwzrd

Update:

It's been about three weeks now and the results have been fantastic! The after example I gave before was from the weekend, so the real mail was a bit light. However you can see below that even with a more typical week day, the amount of mail being rejected and never coming back is quite satisfying.
[code:1]413.980M Bytes accepted 434,088,977
135.328M Bytes sent via SMTP 141,901,844
324.317M Bytes delivered 340,070,989
35.766M Bytes forwarded 37,503,065
======== ==================================================

5772 Accepted 59.84%
3873 Rejected 40.16%
-------- --------------------------------------------------
9645 Total 100.00%
======== ==================================================

428 5xx Reject relay denied 11.05%
3445 5xx Reject unknown user 88.95%
-------- --------------------------------------------------
3873 Total 5xx Rejects 100.00%
======== ==================================================

118924 4xx Reject recipient address 99.75%
296 4xx Reject server config error 0.25%
-------- --------------------------------------------------
119220 Total 4xx Rejects 100.00%
======== ==================================================[/code:1]

Fri, 12/03/2010 - 14:36 (Reply to #4)
uinfor

Sorry, where can i get this reports of antispam ???

Sun, 05/17/2009 - 14:37
mrwilder

Where are these greylisting tools available?

Is the setup obvious?

Sun, 05/17/2009 - 14:40 (Reply to #6)
andreychek

As of 3.68 they're only available in the Pro version, but as soon as 3.69 comes out, you'll be able to manage greylisting from either the GPL or Pro versions.

The option is in Email Messages -&gt; Email Greylisting.
-Eric

Mon, 05/18/2009 - 10:44
christophera

Eagerly awaiting 3.69 gpl!

Mon, 05/18/2009 - 11:54
cyrus

3.68 Pro

Went to enable Greylisting after the install but received the following message:

[code:1]Enabling Postgrey at boot time ..
socket failed : Address family not supported by protocol[/code:1]

Mon, 05/18/2009 - 11:57 (Reply to #9)
Joe
Joe's picture

Restart the postgrey service and try again. This is a known bug in 3.68, fixed in 3.69.

--

Check out the forum guidelines!

Mon, 05/18/2009 - 12:03
cyrus

Sorry about that .. should have done a search BEFORE posting that.

I did, and then came across <a href='http://www.virtualmin.com/forums/limit/10/limitstart/10/virtualmin/postg... target='_blank'>Re: Postgrey install error</a>

Thanks.

Topic locked