[H-GEN] People's thoughts on Greylisting

Robert Brockway rbrockway at opentrend.net
Fri Nov 25 15:47:35 EST 2005


On Sat, 26 Nov 2005, Stephen Thorne wrote:

> I've implemented greylisting, and one of the things I discovered through 
> error:
>
> a) the primary and the backup mx's should all have graylisting implemented.

Hehee - Yeah I found this also when I enabled grey listing :)

> b) you should only have one mx.

This seems to be a common belief these days based (partly?) on the 
belief that mail servers in Data Centres are highly reliable and so a 
backup MX isn't needed.

I don't agree that only a single MX is necessary or desirable.  No box has 
100% uptime.  We run 3 MXs and we've found this to be extremely useful. 
If you lose your only MX (and it will happen eventually[1]) then a backup 
MX lets you manage your incoming mail.  Without a backup MX you are 
relying on sending MTAs to hold and resend the mail.  You have no control 
over how long they will attempt to resend.

Multiple maximal MXs can be good.  Also an "active failover" where MX 20 
will deliver to the end user without MX 10 even being alive can be good too. 
Even "passive MXs" where they just queue the mail waiting for the primary 
to come up are good.

We're rebuilding our primary mail server (which is in a data centre) 
within the next two weeks.  We'll have all incoming mail queue on a backup 
MX pending the primary coming back up.  No need to hurry the rebuild. 
Someone will keep an eye on the queue on the backup MX and we'll see 
anything urgent if it comes in.

The argument that backup MXs allow more spam through certainly doesn't 
count in our case - we don't whitelist mail just because it comes from the 
backup MX.  I've never seen a reason to do this.

[1] All it takes is a reboot, an upgrade or a data centre outage[2].

[2] Yes I've seen these.

> Hopefully, once we deploy it on a site with a non-trivial amount of
> spam, we'll be able to do some statistics collection to see what net
> effect it has.

Back to the topic...I ran greylisting on my personal domain for a while 
and initially saw a drop in spam levels but I think they returned to 
normal fairly quickly (no hard data available).

Rob

-- 
Robert Brockway B.Sc.		Phone:	+1-416-669-3073
Senior Technical Consultant	Email:	support at opentrend.net
OpenTrend Solutions Ltd.	Web:	www.opentrend.net
We are open 24x365 for technical support.  Call us in a crisis.
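
An added illustration of point (a) in this thread, not part of the original post: a small Python simulation of greylisting decisions on a primary and a backup MX, comparing a backup that greylists with one that does not. The MX names, addresses, the 300 second delay, the retry times and the per-MX triplet store are all assumptions made for the example.

```python
# Added illustration: greylisting decisions on a primary and a backup MX.
# Hostnames, addresses, delay and retry times are constructed sample values.
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds a new triplet must wait before acceptance


@dataclass
class MX:
    name: str
    greylisting: bool
    # Assumption: each MX keeps its own store of triplet -> time first seen.
    first_seen: dict = field(default_factory=dict)

    def rcpt(self, client_ip, sender, recipient, now):
        """Return an SMTP-style reply code: 250 accept, 451 temporary defer."""
        if not self.greylisting:
            return 250
        triplet = (client_ip, sender, recipient)
        seen = self.first_seen.setdefault(triplet, now)
        return 250 if now - seen >= GREYLIST_DELAY else 451


def deliver(mxs, triplet, attempt_times):
    """Try every MX in preference order at each attempt time.

    Returns (mx_name, time) of the first acceptance, or None if none accepts.
    """
    for now in attempt_times:
        for mx in mxs:
            if mx.rcpt(*triplet, now) == 250:
                return mx.name, now
    return None


def scenario(backup_greylists):
    """Run a non-retrying sender and a queueing MTA against both MXs."""
    primary = MX("mx10", greylisting=True)
    backup = MX("mx20", greylisting=backup_greylists)
    mxs = [primary, backup]
    one_shot = ("192.0.2.10", "bulk@example.net", "user@example.org")
    retrying = ("198.51.100.7", "alice@example.com", "user@example.org")
    return {
        # Sender that tries each MX once and never comes back.
        "one_shot": deliver(mxs, one_shot, [0]),
        # Queueing MTA that retries 15 minutes after the first deferral.
        "retrying": deliver(mxs, retrying, [0, 900]),
    }
```

With greylisting on both MXs the non-retrying sender is never accepted and the queueing MTA is accepted by the primary on its retry; with it missing on the backup, both are accepted there immediately.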
