3
Greylisting... Again
Question asked by Sabatino - 7/21/2021 at 1:12 AM
Answered
SmarterMail Enterprise 100.0.7866.26361 (lug 15, 2021) 

I'm studying greylisting again

Years go by and inevitably I ask myself the question: is it still a method worth using?

The disadvantage of the delay is always there to remind me that I have to be careful.

Of course with smartermail the situation is better given the presence of the exception ip already compiled.

Here are some questions:

1) who keeps this list updated?

2) Does Trusted Domains and Trusted email address also affect the greylist filter or only the antispam?

3) There is a confusion on the statistics that does not allow me to understand the effectiveness of the greylist. If we go to the reports and analyze greylisted connections, the daily values are indicated for Passed, Blocked, Total at the trend and domains level. But if I then choose a single domain the same numbers are presented as Connections Allowed, Connections Delayed, Total

You understand that there is a big difference between blocked and delayed.

I would like to statistically understand how many connections are blocked to the greylist and how many are simply delayed. And this report data is really confusing.

Also given a domain, a user would be useful to see the sender, recipient, ip, date time, authorized, pending, expired pairs for record expirations or for Pass Period expiretion

5 Replies

Reply to Thread
1
Zach Sylvester Replied
Employee Post Marked As Answer
Hello Sabatino,

Here are the answerers to your questions. 

1. Who Keeps the lists updated?
This list was made in-house we make sure that it's updated.

2.Does Trusted Domains and Trusted email address also affect the greylist filter or only the antispam? 
Trusted Domains and Senders will bypass Greylisting

3.There is confusion on the statistics that does not allow me to understand the effectiveness of the greylist. If we go to the reports and analyze greylisted connections, the daily values are indicated for Passed, Blocked, Total at the trend and domains level. But if I then choose a single domain the same numbers are presented as Connections Allowed, Connections Delayed, Total 

We have an audit of the reports being done this will likely be changed in the future to be more intuitive. 

Please let me know if you have any questions. 

Best Regards, 

Zach Sylvester
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
3
David Sovereen Replied
We find greylisting to be very effective in stopping zero-hour (for which definitions aren't yet aware) and botnet/virus-induced spam (which is rarely retried).  While the stats in Smartermail make it difficult to know its effectiveness, it is/was noticeable by end users (we had to disable it due to performance problems that were corrected in a fairly recent build).

I wish that instead of creating a Whitelist of chosen larger Email Service Provider IP blocks, Smartertools would implement SPF-aware greylisting so that greylisting worked well for all ESPs, large and small, who send mail from multiple IPs, and not just the ones Smartertools has chosen to include in its whitelist.  https://poolp.org/posts/2019-12-01/spf-aware-greylisting-and-filter-greylist/

I've requested the above several times.  I should probably create a thread just for it and see if others are interested and would "me too" it.

Dave
1
Sabatino Replied
I have seen another one called adaptive grelisting working on another mailserver

The concept is to consider everything good in the first connection. But then if the antispam score is high, the subsequent connections from that server start using greylisting
1
Churchweb Support Replied
As an approximation to SPF-aware greylisting, we have Greylist Weight Threshold enabled and set to -1, which has worked really well for us over the years, particularly with SmarterMail’s built-in greylist bypass list and manual additions for our own servers.

A passed SPF check (0 weight), along with any whitelisting (negative weight) from DNSBLs like SenderScore, DNSWL or Abusix allows smaller, but well-run, servers through without any greylisting.
0
Sabatino Replied
This last solution makes me ask many questions.

The greylisting technique helps to avoid server workloads due to spam checks. If I apply the greylist only after calculating the scores it becomes useless. Technically antispam, uribl should intercept almost all spam, perhaps not zerotime spam.
But always having the score calculated before applying the greylist does not seem like a good solution.

Reply to Thread