DCC Greylists

This page is mirrored at Rhyolite Software and dcc-servers.net.

Introduction

In 2003 Evan Harris announced a notion he called greylisting. Greylisting does not absolutely reject mail, but requires mail from unfamiliar senders to be retransmitted by their ISPs' SMTP clients. Mail from familiar senders is passed immediately.

The idea is to delay mail from unfamiliar senders for half an hour, but immediately deliver mail from regular correspondents. It is based on the observation that large amounts of spam are sent via open proxies, botnets, and other mechanisms that do not involve proper mail transfer agents (MTAs). A proper sending MTA will repeat a transmission after a temporary 4yz rejection. RFC 2821 says that the sending MTA should retransmit 30 minutes or later after a failure, but spam sent through an open proxy, as well as some viruses and worms, is not retransmitted.

Greylisting is extremely effective against spam that is not otherwise detected by DCC clients. If you cannot use greylisting, consider body URL blacklisting by adding something like -Bsbl-xbl.spamhaus.org,any to DCCM_ARGS or DCCIFD_ARGS in /var/dcc/dcc_conf.

In the DCC implementation of greylisting, the sendmail milter interface, dccm, or the general MTA interface, dccifd, sends a request to a modified version of the DCC server, greylist dccd. The request contains the simple DCC body checksum of the message as well as an MD5 checksum of the MD5 checksums of the IP address of the SMTP client sending the mail message, the envelope sender or Mail From value of the message, and the recipient or envelope Rcpt To value of the message. If the combination of IP address, sender, and recipient is familiar, the DCC client tells the MTA to accept the message. Otherwise the DCC client tells the MTA to embargo or temporarily reject the message.

If the sending MTA persists and retransmits the message after the embargo but within the wait time, the triple (sender, IP address, addressee) is added to the database.
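
The decision described above can be sketched as follows. This is an added example, not code from DCC: the byte encoding fed to MD5, the retry window length, and the names triple_checksum and Greylist are assumptions made for illustration, and the sample addresses are constructed.

```python
import hashlib

EMBARGO_SECS = 30 * 60      # assumed: the half-hour delay mentioned in the text
WAIT_SECS = 7 * 24 * 3600   # assumed retry window; value not taken from the page


def triple_checksum(client_ip, mail_from, rcpt_to):
    """MD5 of the MD5s of client IP, envelope sender and envelope recipient.
    Hashing the UTF-8 strings is an assumption, not the DCC wire format."""
    inner = b"".join(hashlib.md5(p.strip().encode("utf-8")).digest()
                     for p in (client_ip, mail_from, rcpt_to))
    return hashlib.md5(inner).digest()


class Greylist:
    def __init__(self):
        self.pending = {}      # triple checksum -> time the embargo started
        self.familiar = set()  # triples that survived an embargo

    def check(self, client_ip, mail_from, rcpt_to, now):
        key = triple_checksum(client_ip, mail_from, rcpt_to)
        if key in self.familiar:
            return "accept"
        first = self.pending.get(key)
        if first is None or now - first > WAIT_SECS:
            self.pending[key] = now   # unfamiliar, or retried too late: start over
            return "tempfail"         # the MTA answers with a temporary 4yz code
        if now - first < EMBARGO_SECS:
            return "tempfail"         # retried while the embargo is still running
        del self.pending[key]
        self.familiar.add(key)        # retried after embargo, within the wait time
        return "accept"


def demo():
    g = Greylist()
    t = ("192.0.2.10", "alice@example.org", "bob@example.net")  # constructed triple
    return [
        g.check(*t, now=0),      # first sight of the triple
        g.check(*t, now=60),     # impatient retry
        g.check(*t, now=1800),   # proper retry after the embargo
        g.check(*t, now=1900),   # now a familiar correspondent
        g.check("192.0.2.99", t[1], t[2], now=2000),  # same mail, new client IP
    ]


if __name__ == "__main__":
    print(demo())
```

A change in any one element of the triple, such as the same sender arriving from a different client IP, produces a different checksum and starts a new embargo.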

Considerations, Caveats, and Differences

Installation and Testing

See the DCC installation instructions for how to install DCC greylisting.

Greylisting can be tested by sending mail from unfamiliar IP addresses or senders. The beginnings, continuations, and endings of greylist embargoes are indicated in log files by the string "embargo". Note that a message can be marked in a DCC log file as both embargoed and rejected as spam.

Flooding of data among DCC greylist servers can be examined with commands such as

	   cdcc "grey on; flood list; flood stats all"

Because greylist databases are usually tiny compared to a DCC database, the dblist -Gon command can be useful.

Contact Vernon Schryver at vjs@rhyolite.com or use the form.