Grey Listing rocks! No more Spam!
whitesites
Forum Regular
I just recently turned grey listing on with SmarterMail 4.x. Huge reduction in spam! I highly recommend everyone enable this! It even blows away RBL lists as a way to prevent spam. The only other feature SmarterMail is missing that would really hurt spammers is a tarpit.
Jason101
Forum Regular
whitesites,
Do you experience a delay in email delivery because of gray listing? I haven't enabled it, but I wanted to ask about the delay first. SmarterMail help states:
Also, do you black list any IPs? On the forum here, there are several posts with IPs to block. Didn't know if you tried any. Thanks!
whitesites
Forum Regular
There is definitely a delay, but not too bad. Usually I get my emails within 15-20 minutes. I have 6 domains running on SmarterMail, and so far none of my clients have complained about emails not coming through. This definitely does stop spam, as spammers don't let emails sit in the queue. If they can't get through on the first try they just delete the email. I also have two RBL lists set up for blocking ( spamcop and spamhaus ). The best part is by making the spam come back later ( if at all ) this delay of 15 minutes can sometimes be the difference between the spam being detected by an RBL list or not.

Here are my stats for the last 24 hours:
incoming spam blocked 3167
Greylisting blocked 235
Greylisting allowed 128

What is amazing is my server used to get around 8000+ spams / day. Since implementing the grey listing this has dropped to 3100. I guess spammers don't like it when your emails sit in the queue, and they purge it from the list.

Add these two RBLs:
bl.spamcop.net 30 weight
zen.spamhaus.org 30 weight

Add abuse detection:
Bad SMTP Sessions ( Harvesting ) time 20 minutes, count 2, block 1000 or more

Greylisting block Email Enabled
Allow users override enabled
apply greylisting to smart ( don't know what this does, disabled )
block 15 min
pass 360 min
record 36 days
Jason101
Forum Regular
Sweet! Thanks for the tips! That was more than I was expecting.
Are you using SmarterMail 4 or 5? (I'm using SmarterMail 5 Pro) Also, are SpamCop and SpamHaus free to use?
Jason101
Forum Regular
Oh yeah.. one more thing. Regarding the delay.. Is it true that once it's verified as not being a spammer, the address is white listed and there is no more delay?
whitesites
Forum Regular
I am using SmarterMail 4. Haven't had a chance to play with 5 yet.
Yes, those RBLs are free. I have over a dozen RBLs set up but I am only using those two for blocking. The others are for filtering and they don't catch enough to make it worthwhile. Let me know if you get any false positives. I haven't had one yet.
whitesites
Forum Regular
I am not sure about that. I think the whitelist is manual. But if you add people to your whitelist it's true that they aren't put through the gauntlet. SmarterMail 5 might do that, but not sure. I wouldn't think that they would auto add people to your whitelist, mainly because an IP could be good one minute and then show up on an RBL list the next.
rcorbin
When you use greylisting, basically your server first rejects the message, but then it adds it to a temporary 'allow list' so when the legitimate sender retries it passes through without being 'greylisted' again. The allow list is set by default I think to 35 days. You can change this in the greylisting settings. Most servers are set to reattempt delivery after about 15 minutes...but sometimes they take hours..some don't retry at all (SmarterMail has an exemption list for the large ISPs who don't retry in a timely fashion in their backend configuration files).

Some settings we found while fighting 'spam floods' on our shared servers were implementing some RBLs. This is how we would typically set the servers in the event of a flood from something like a botnet.

Login to SmarterMail Admin - Security - Anti-Spam Administration - Add RBL List
RBL: Backscatter.org - Weight: 5 - DNS Server: ips.backscatterer.org
RBL: UCEProtect Level 1 - Weight: 20 - DNS Server: dnsbl-1.uceprotect.net
RBL: UCEProtect Level 2 - Weight: 15 - DNS Server: dnsbl-2.uceprotect.net
RBL: UCEProtect Level 3 - Weight: 10 - DNS Server: dnsbl-3.uceprotect.net
RBL: SORBS Relay List - Weight: 10 - DNS Server: smtp.dnsbl.sorbs.net
RBL: SORBS Zombie List - Weight: 10 - DNS Server: zombie.dnsbl.sorbs.net
RBL: SpamCop - Weight: 10 - DNS Server: bl.spamcop.net
RBL: Spamhaus PBL - Weight: 10 - DNS Server: pbl.spamhaus.org
RBL: SpamHaus SBL+XBL - Weight: 10 - DNS Server: sbl-xbl.spamhaus.org

Then go to the SMTP blocking tab and click Incoming Options - click Enable Spam Blocking - Weight Threshold = 20. This will not allow the message to be delivered if it has a score of 20. The only way to have a score of 20 is to either be on the UCE Protect Level 1 list or must be on two of the other lists. But be careful in using these settings as they are unbiased lists and will block large ISPs (google/aol/yahoo/verizon) if there is spam coming from their networks. You can also simply add the RBLs without enabling the incoming blocking and then use your domain/user spam filters to move messages into the junk e-mail folder. These RBLs have blocked 338003 emails out of 509588 in a 24/hr period on one of our servers...which is about 66% of all emails (legit+spam).
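Added example (not part of any post above, and not SmarterMail's code): a minimal greylisting decision function using the block 15 min / pass 360 min / record 36 days values quoted earlier in the thread. Assumptions: the record is keyed on the (sender IP, MAIL FROM, RCPT TO) triplet, the pass window starts when the block period ends, and all addresses are constructed samples.

```python
from dataclasses import dataclass
from typing import Optional

MIN, DAY = 60, 86400
BLOCK = 15 * MIN    # "block 15 min": retries inside this window are still deferred
PASS = 360 * MIN    # "pass 360 min": the retry must arrive within this window (assumed)
RECORD = 36 * DAY   # "record 36 days": how long a passed sender skips greylisting

@dataclass
class Entry:
    first_seen: int
    passed_at: Optional[int] = None

class Greylist:
    def __init__(self, exempt_ips=()):
        self.entries = {}
        self.exempt = set(exempt_ips)   # senders known to retry slowly or not at all

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for this attempt: 250 accept, 451 defer."""
        if ip in self.exempt:
            return 250
        key = (ip, mail_from.lower(), rcpt_to.lower())   # assumed triplet key
        e = self.entries.get(key)
        if e and e.passed_at is not None and now - e.passed_at <= RECORD:
            return 250                                   # on the temporary allow list
        if e is None or e.passed_at is not None or now - e.first_seen > BLOCK + PASS:
            self.entries[key] = Entry(first_seen=now)    # first sighting, or start over
            return 451
        if now - e.first_seen < BLOCK:
            return 451                                   # retried too soon
        e.passed_at = now                                # proper retry: allow-list it
        return 250

def simulate():
    """Constructed timeline (seconds); returns the reply code for each attempt."""
    g = Greylist(exempt_ips={"203.0.113.9"})
    legit = ("192.0.2.10", "alice@example.org", "bob@example.net")
    bulk = ("198.51.100.7", "promo@example.com", "bob@example.net")
    slow = ("192.0.2.44", "news@example.org", "bob@example.net")
    return [
        g.check(*legit, now=0),                   # first attempt
        g.check(*legit, now=5 * MIN),             # retry inside the block period
        g.check(*legit, now=20 * MIN),            # retry after the block period
        g.check(*legit, now=1 * DAY),             # later mail, same triplet
        g.check(*legit, now=20 * MIN + 37 * DAY), # record has expired
        g.check(*bulk, now=0),                    # bulk sender that never retries
        g.check(*slow, now=0),
        g.check(*slow, now=7 * 60 * MIN),         # retry after the pass window closed
        g.check("203.0.113.9", "a@example.org", "bob@example.net", now=0),
    ]
```

The last two `slow` attempts show the failure mode mentioned above: a sender whose retry interval is longer than block + pass is deferred every time unless it is on the exemption list.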
Jason101
Forum Regular
Thanks for the insider tips Ray! I have applied them accordingly. I noticed in SmarterMail, that some options were not enabled for Filtering, or SMTP in or Out. Should I enable them for filtering plus SMTP in and out? (See Screenshot Below)
rcorbin
If you want the server to block them inbound where it simply rejects the connections from them then you can enable the 'incoming SMTP blocking' (You have to check the check mark box next to each one you want applied..then do the steps I listed previously to set a score at which they should fail and enable it there).
I wouldn't do outbound blocking though. You can choose to either block it at the server level or let the users block it using their spam filters... Also make sure you have your DELIVERY and SMTP logs turned on DETAILED. This way if someone is missing an email, or a user gets a bounceback when sending to your server, you can simply look in the logs and find out what caused the block. It will tell you which RBL's it was on and why it failed.
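Added example (not part of any post above, and not SmarterMail's code): how weighted RBL scoring against a threshold works, using the zones, weights and threshold of 20 listed earlier in the thread. The listings in `SAMPLE` are constructed, the IP addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import socket

# Zones and weights as posted earlier in the thread; threshold from the same post.
RBLS = {
    "ips.backscatterer.org": 5,
    "dnsbl-1.uceprotect.net": 20,
    "dnsbl-2.uceprotect.net": 15,
    "dnsbl-3.uceprotect.net": 10,
    "smtp.dnsbl.sorbs.net": 10,
    "zombie.dnsbl.sorbs.net": 10,
    "bl.spamcop.net": 10,
    "pbl.spamhaus.org": 10,
    "sbl-xbl.spamhaus.org": 10,
}
THRESHOLD = 20

def dnsbl_name(ip, zone):
    """IPv4 DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """Live lookup. Only 127.0.x.x answers count as listings; some lists
    return other 127.x codes to signal a refused or rate-limited query."""
    try:
        return socket.gethostbyname(name).startswith("127.0.")
    except socket.gaierror:
        return False                      # NXDOMAIN: not listed

def evaluate(ip, listed=dns_listed):
    """Score one connecting IP and record which lists contributed."""
    hits = {z: w for z, w in RBLS.items() if listed(dnsbl_name(ip, z))}
    score = sum(hits.values())
    return {"ip": ip, "hits": sorted(hits), "score": score,
            "reject": score >= THRESHOLD}

# Constructed listings so the example runs offline.
SAMPLE = {
    "7.100.51.198.bl.spamcop.net", "7.100.51.198.pbl.spamhaus.org",
    "5.113.0.203.dnsbl-1.uceprotect.net",
    "99.2.0.192.ips.backscatterer.org", "99.2.0.192.bl.spamcop.net",
}

def sample_listed(name):
    return name in SAMPLE

def demo():
    ips = ["198.51.100.7", "203.0.113.5", "192.0.2.99", "192.0.2.10"]
    return [evaluate(ip, sample_listed) for ip in ips]
```

Keeping the `hits` list next to the score mirrors what the detailed logs are used for above: when a sender reports a bounce, it shows which lists pushed the connection over the threshold.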
It WORKED!!
Jason101
Forum Regular
Well, figured I would make a report:
One of my clients emailed me first thing this morning, and she said she usually wakes up to about 300 spam messages, and this morning she only has 3 pieces of spam!! Took a look at the greylisting reports, and overnight (10 hour period since we enabled it) it blocked 856 messages for all our domains. Ray and whitesites, those settings were a Godsend for our clients. Thanks so much for sharing your tips!!
whitesites
Forum Regular
Glad our settings helped you. If SmarterMail ever comes out with a tarpit module, spammers will be done. A tarpit essentially locks up their outgoing connections, dragging their server to its knees. Keep us posted on your success. I haven't had any false positives. Just want to make sure others don't experience any too.
rcorbin
I wouldn't recommend tarpitting too long....a lot of servers will time out if the receiving server takes too long to reply...I know one remote server wouldn't send an ACK for 75 seconds...our outbound servers won't wait that long to receive an ACK so the messages always time out...

Spam filtering is good...but too much can sometimes be problematic...for instance you can block 99% of spam...however how many legitimate messages are caught? If your customers start having delivery problems you will need to know:
Who sent the message:
Who was the message sent to:
The date/time the message was sent:
Header information from where they sent to perhaps a remote email address: (this way you can find out their external server's IP address/address range to search through the logs for).

With that information usually you can find what caused the message to fail. With inbound spam blocking via RBLs you need to know the source's outbound IP address, or at least a range..that combined with the date/time you can usually find out why it failed.
whitesites
Forum Regular
From what I have read, a tarpit allows the message to come through but forces it to come through very slowly. It doesn't hold up the spammer from getting a response. It just forces the spammer to send the message a few bytes / second. This means a spammer would end up taking several minutes to send 1 email ( which is deleted once it's received ). Spammers rely on getting millions of emails out in a very short amount of time. Slowing them down costs them time and money.
rcorbin
That is the same thought for greylisting. They have millions of emails to get out, so they don't reattempt. However with Yahoo's increasingly demanding servers to continue retries, spammers will conform. There are multiple methods to tarpitting, but the one that I've seen issues with is when we issue a
HELO server.dc2.hostmysite.com
and they don't reply for 75+ seconds...OR they have it set to do that after the RCPT TO:<user@domain.com> command... we need their ACK of
250 Recipient Okay
for us to issue the DATA command. If it is a larger message and they only allow X bits/second it would also cause the message to time out. Greylisting is another form of 'tarpitting': http://en.wikipedia.org/wiki/Tarpit_(networking)#SMTP_tarpits