Greylisting
I recently attended Jesse Vincent's training day on RT. (Gosh that was a lot of links).
What was great was that these people were all administering significant RT deployments. Because of their knowledge of the application, such a specific focus on it for the day, and the nature of RT, we could often talk about wider architecture concepts such as database optimisation and mail configuration without losing focus.
The latter (mail configuration) spawned what I want to talk about in this post, but I simply have to recall one anecdote from the day that I loved first.
The problem being discussed was people replying to the email they receive telling them that a ticket had been closed. Two responses to this are either ...
a) No it's not bloody well closed, some kid came down and told me to reboot my PC and then wandered off before the machine had even restarted but not before he smirked at my troll doll collection sitting on top of my monitor. Section 21 of the Staff Handbook entitles me to decorate my workspace you know?!
b) Thanks.
Now in case (a) you want to reopen the ticket and in case (b) you don't, and of course you want a computer to do this. But computers still aren't that good at understanding text – I'm sure I can find some crazy MIT'er who will put this down to the industry rejecting LISP Machines, but then again I'm sure I can find another crazy MIT'er who thinks they can produce a perpetual motion machine. Anyway I digress.
So the question came to Jesse of how do you handle it. And I really dug his answer; maybe it's my background in sales or maybe it's just my love for hacking. He proposed a social engineering solution where you set the closed text message to be something like:
“Your ticket is now closed. If you are happy with the level of service, could we please ask you to mail our boss (boss@bigorganisation.com) to let him know instead of replying to this email. Blah blah blah”
Anyway, maybe it's just me, but I loved this solution. On to the main, and probably a lot more brief, topic for this post.
Anyway, Jesse talked about grey listing. Well, he probably talked about gray listing, but you have to cut him some slack; he was the speaker after all.
Basically, 'grey listing' is the strategy of issuing a temporary reject for all email from any address you haven't white listed. Good, well-behaved mail servers will wait and retry a few times. Once one retries after your threshold for keeping it waiting outside has passed, you can not only accept its message but also white list it so it doesn't have to wait in the future.
So I implemented this using greylistd and exim. It took about 30 minutes.
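The defer, retry, then white list decision described above, as an added Python sketch; it is not greylistd's code or the exim configuration used for this post. Keying on the (client IP, sender, recipient) triplet, both timing values, the reply strings and the sample traffic are assumptions constructed for the example.

```python
# Added example: minimal greylisting decision logic (not greylistd's code).
from dataclasses import dataclass, field

RETRY_MIN = 600          # assumed: seconds a new sender must wait before a retry counts
PENDING_MAX = 4 * 3600   # assumed: a first attempt older than this is forgotten

DEFER = "451 Greylisted, please try again later"   # temporary reject
ACCEPT = "250 OK"


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)    # key -> time of first attempt
    whitelist: set = field(default_factory=set)    # keys that have passed once

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self.whitelist:
            return ACCEPT
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_MAX:
            self.pending[key] = now     # first contact (or stale entry): start the clock
            return DEFER
        if now - first_seen < RETRY_MIN:
            return DEFER                # retried too soon: keep waiting, clock unchanged
        del self.pending[key]
        self.whitelist.add(key)         # waited long enough: accept and remember
        return ACCEPT


def replay(attempts):
    """Run constructed (time, ip, sender, recipient) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in attempts]


# Constructed sample traffic: a mail server that retries, and a sender that never does.
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "me@example.net"),   # first try
    (30,   "198.51.100.7", "x9@example.com",    "me@example.net"),   # never retries
    (120,  "192.0.2.10",   "alice@example.org", "me@example.net"),   # too soon
    (900,  "192.0.2.10",   "alice@example.org", "me@example.net"),   # after threshold
    (5000, "192.0.2.10",   "alice@example.org", "me@example.net"),   # white listed now
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```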
Now previously my daily spam levels were something like (and I should point out I hadn't tweaked SpamAssassin (SA)) ...
Caught by SA ~160
In my mbox ~60
I measured it again recently ...
Caught by grey listing ~225
Caught by SA ~5
In my mbox ~5
And to say I'm pleased is an understatement. The only inconvenience so far has been asking a friend I was talking to in IRC to make a document available via HTTP: it was time critical, he wasn't currently white listed, and it was simply easier than manually white listing him and getting him to kick his mail server.

