Our mail server receives around 10.000 e-mails per day. On weeekdays around 70% is spam, during weekends more than 90% is spam. Lately our mailserver load has been very high leading to poor reponse times. As a result we decided to implement greylisting.

Greylisting means that the first time a new combination of sender/recipient is seen by the receiving mail server the e-mail is rejected with a temporary SMTP error code. Something like “temporary failure, please try again later”. Most (if not all) mail servers will respect this and retry delivery a bit later. However, spam senders usually try delivery only once and therefore does not come back after receiving the temporary failure. The only disadvantage is a bit longer delay, from a few minutes up to an hour, before delivery.
We use Postfix as mail server and our choice fell on Postgrey (http://isg.ee.ethz.ch/tools/postgrey/) since it seemed easy to implement, efficient and reliable.

After implementing Postgrey (with a one minute delay) the amount of e-mails actually received by our mail server went from around 10.000 per day to 1.000 on weekends and the corresponding share of spam consequently went from over 90% to around 40%. Also, before greylisting the server could spend 40-50% waiting for I/O (spam filters seem to take resources) while afterwards the server is almost always idle.

Please note that we choose to whitelist info and support e-mail addresses (in other words, those are not subject to greylisting) in order to allow for incoming information requests (new potential customers) and support tickets (highest possible service level towards existing customers) to be delivered as quickly as possible.However, the amount of spam to these addresses seems to be a relatively small part of the total spam volume.

This entry was posted on Sunday, November 12th, 2006 at 14:53 and is filed under Internet, Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.