[AusNOG] Greylisting in an ISP / Hosting Environment

Shaun Ewing s.ewing at aussiehq.com.au
Mon Apr 27 11:33:20 EST 2009


On 27/04/09 10:48 AM, "Nick Brown" <nick at inticon.net.au> wrote:

> I'm wanting to get a general feel for the industries views on
> Greyisting, specifically as for the most part the people on this list
> are the ones who are infact trying to send us legitimate email. Is the
> consensus to try and build a well populated whitelist of known networks,
> or are we better to drop Greylisting - incur significant extra load on
> the gateways, and have to spend the extra time trying to fine tune the
> heuristics of our applications.

My advice is that if you deploy greylisting, then you need to have at least
one MX that does not use it.

While it does reduce spam, you run into the problem where some ISPs and
corporates attempt delivery from different outbound IP addresses with each
retry period. If you are greylisting on a combination of sender IP, envelope
sender and envelope recipient (or even just the first two) then it's
possible that incoming mail will be significantly delayed.

This not only has an impact on the parties involved, but your service desk
will probably be flooded with calls as well (especially if your service desk
uses greylisting on inbound ticket emails).

For our hosting customers that have backup MX, we only deploy greylisting on
the tertiary MX. We find that spammers hit this MX most often (because a
secondary/tertiary MX typically has the least amount of filtering) but the
greylisting basically solved this issue.

In no cases have we deployed (nor do we plan to deploy) greylisting on a
single MX service for the reasons above.

-Shaun




More information about the AusNOG mailing list