It is hard to reliably determine how much greylisting helps on a
specific system, i.e. what difference it makes compared to the
hypothetical situation greylisting wasn't used. May be an idea to
include some caution about that.
Log delivery attempts that are greylisted. Log greylisted delivery
attempts that subsequently pass. Compare the IPs in question against
whatever DNSBLs are in use to determine if the delivery attempts would
have been blocked anyway (without resorting to computationally
expensive
content filtering)....
Might also make sense to log the DNSBL result at the time that a
delivery attempt is greylisted, and then log delivery attempts that
pass
greylisting but are rejecting due to DNSBLs, and thereby determine if
greylisting is effectively giving a recently gone-bad host extra time
to
get itself listed.
Yes, that makes sense and, if you're running a test (and don't care too much
about computational performance) could be extended to content scanning too.
But that assumes you are able to identify messages, which I doubt is possible
to do in a reliable way unless you greylist during/post DATA. Which -- at least
in theory -- does not need to give the same results as greylisting at an
earlier stage.
I guess the only way to really test the effectiveness of (your version of)
greylisting (on your mail stream) is if you have a reasonably large stream and
you split that feed in two random groups and use greylisting one group only.
(I suppose most people don't care as much about measuring effectiveness as I
do, nor should they, but including something about effectiveness may be a good
idea as this is the main reason people use greylisting.)
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg