
Greylisting

From ASSPSMTP


Greylisting (also referred to as delaying) is a simple but highly effective means of cutting down the amount of spam you receive.

What is it

Greylisting involves sending a temporary 451 SMTP error code to the sending server when a message is received. Along with sending this error code, ASSP creates a Triplet and stores it. On the second delivery attempt, if the Embargo Time set by the ASSP admin for the Triplet has passed, the message is accepted and a Tuplet is created, so that this combination is not delayed again for an Expiry Time set by the ASSP admin.

This method is effective because the majority of spammers do not retry sending their messages, so their messages are never accepted. It is also somewhat useful in stopping viruses that contain their own SMTP engine, as these are not sophisticated enough to handle message queuing.

How it works

A simple explanation is as follows:
  1. A message is received by ASSP; the IP address of the sending host + sender's domain are checked against a whitelist.
  2. If the combination of the two pieces of information is found in the whitelist the message is allowed through.
  3. If the combination is not found then a Triplet (the IP address of the sending host, sender, and recipient) is created and added to the Greylisting database and the sending MTA is informed that there has been an error by means of a 451 SMTP error code. The sending MTA should know that this is not a permanent error and should retry the message after a period of time.
  4. When the message matching a Triplet is sent again after the Embargo Time, it will be accepted and the information on the IP address of the sending host + sender's domain is added to the whitelist as a Tuplet to prevent further delays for this combination.
  5. The various time parameters involved are configurable for fine-tuning.


Configuration options

The options offered by ASSP for fine-tuning the Greylisting process are as follows:

Enable Delaying - (Yes/No) 
Turn feature on or off.
Whitelisted Delaying - (Yes/No) 
Even if a user is whitelisted, delay the message temporarily.
Spamlovers Delaying - (Yes/No) 
If a recipient is marked as a spamlover, use delaying for their mail as well.
Add X-Assp-Delayed Header - (Yes/No) 
Add a header to the message to mark it as having been delayed. Headers like this can be used for further processing either at the MTA or client or for troubleshooting.
Enable delaying logging - (Yes/No) 
Decide whether to log delaying operations to the maillog.
Embargo Time - (Numeric value) 
The amount of time in minutes after which a delayed mail will be accepted. All MTAs have a different value for the time they wait before attempting to resend a message. If a sending MTA tries to resend the message before the embargo time has elapsed, the message will be refused again (embargoed). This prevents servers from simply retrying the message immediately and having it accepted.
Wait Time - (Numeric value) 
The amount of time in hours to wait for a retry before removing the information from the delayed mail database.
Expiry Time - (Numeric value) 
The amount of time in days to keep the IP Address/sender's domain before removing them from the whitelist. If a message from this sender arrives within the expiry time, the time counter is reset.
Use IP Netblocks - (Yes/No) 
Rather than use the single IP address of the sending MTA, this option allows you to use the full /24 subnet that the machine is on. Many large mail systems use more than one server and move messages between servers between retries, so the incoming mail may be a retry but appear to come from a different IP address. This option gets round that problem without opening up large ranges of addresses.
Normalize VERP Addresses - (Yes/No) 
VERP (Variable Envelope Return-path Processing) is used by some mailing lists to track individual messages. This means that resent messages may have a different sender address and be seen by the delaying routines as a different message. By checking this box, ASSP tries to ignore the variable parts of the sender address which should then enable correct identification of resent VERP messages.
Expire Spamming Whitelisted Tuplets - (Yes/No) 
Option to remove whitelisted tuplets from the whitelist if subsequent messages are found to be spam by any other methods.
Don't Delay these IP's - (Text or File) 
In an ideal world all legitimate email systems would retry their messages after a period of time but unfortunately this is not the case. There is an incomplete list of these servers at Puremagic. This option allows you to specify a list or file containing IP addresses not to delay to counteract this problem.
Reply Message to Refuse Delayed Email - (Text string) 
The message the sending MTA receives when a message is delayed. This should always start with a 451 error code to indicate temporary failure.
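The delaying steps from "How it works", combined with the Embargo Time, Wait Time, Expiry Time and Use IP Netblocks options, as an added Python example. It is not ASSP's own code; the class name, the default values and the reply texts after the status code are assumptions made for illustration.

```python
import ipaddress

class Greylist:
    """Delaying decision for one SMTP envelope. `now` is a time in seconds."""

    def __init__(self, embargo_min=5, wait_hours=28, expiry_days=36, use_netblocks=True):
        # Default values are constructed for this example.
        self.embargo = embargo_min * 60      # Embargo Time (minutes)
        self.wait = wait_hours * 3600        # Wait Time (hours)
        self.expiry = expiry_days * 86400    # Expiry Time (days)
        self.use_netblocks = use_netblocks   # Use IP Netblocks
        self.triplets = {}  # (ip, sender, recipient) -> time of first attempt
        self.tuplets = {}   # (ip, sender's domain)   -> time last seen

    def _ip_key(self, ip):
        if not self.use_netblocks or ":" in ip:   # /24 grouping is IPv4 only here
            return ip
        # Collapse to the /24 so a retry from a sibling server still matches.
        return str(ipaddress.ip_network(ip + "/24", strict=False).network_address)

    def check(self, ip, sender, recipient, now):
        """Return '250 ...' to accept or '451 ...' to delay."""
        ipk = self._ip_key(ip)
        sender = sender.lower()
        tuplet = (ipk, sender.rpartition("@")[2])
        seen = self.tuplets.get(tuplet)
        if seen is not None and now - seen <= self.expiry:
            self.tuplets[tuplet] = now       # arrival resets the expiry counter
            return "250 whitelisted tuplet"
        self.tuplets.pop(tuplet, None)       # expired entry: start over

        triplet = (ipk, sender, recipient.lower())
        first = self.triplets.get(triplet)
        if first is None or now - first > self.wait:
            self.triplets[triplet] = now     # new triplet, or the retry came too late
            return "451 delayed, please try again later"
        if now - first < self.embargo:
            return "451 still embargoed"     # retried too soon: refused again
        del self.triplets[triplet]
        self.tuplets[tuplet] = now           # promote to the whitelist as a Tuplet
        return "250 accepted after embargo"
```

With netblocks enabled, a retry from another host in the same /24 is treated as the same Triplet; with the option off, the same retry starts a new delay.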