Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 8434 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Greylist feature question

Valerio
Hello everyone,

I've searched on many threads but I couldn't find an answer to my simple question: if I disable Greylisting from the advanced antispam features will the database of known sender continue to be updated and grow anyway?

We have just installed a new unit SG 135 and thinking of leaving disabled the greylisting and then activate it later if that's the case.


This thread was automatically locked due to age.
Parents
  • 0
    Since greylisting precedes all of the other checks.  My experience is that anything that might validly be blocked with greylisting is immediately blocked with an infinitesimal amount of effort and bits exchanged by RBLs, rDNS, SPF and Recipient Verification.

    All of the "desired" emails plus only about 6% of SPAMs get past the above checks, thus requiring that the Proxy receive the entire email.  Then it calls ctasd to calculate a "signature" that ctasd sends to CommTouch (Cyren) for a verdict of Confirmed/Maybe/Not spam which it delivers to the SMTP Proxy.

    All emails that are "Not spam" are then delivered.  Mails that are "Confirmed spam" can be handled in different ways, but I normally configure it to reject. "Maybe spam" can be handled several ways; I configure to quarantine.  In my experience, one of six "Maybe spams" is quarantined and the rest are rejected.

    Please share your results with us here.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Since greylisting precedes all of the other checks.  My experience is that anything that might validly be blocked with greylisting is immediately blocked with an infinitesimal amount of effort and bits exchanged by RBLs, rDNS, SPF and Recipient Verification.

    All of the "desired" emails plus only about 6% of SPAMs get past the above checks, thus requiring that the Proxy receive the entire email.  Then it calls ctasd to calculate a "signature" that ctasd sends to CommTouch (Cyren) for a verdict of Confirmed/Maybe/Not spam which it delivers to the SMTP Proxy.

    All emails that are "Not spam" are then delivered.  Mails that are "Confirmed spam" can be handled in different ways, but I normally configure it to reject. "Maybe spam" can be handled several ways; I configure to quarantine.  In my experience, one of six "Maybe spams" is quarantined and the rest are rejected.

    Please share your results with us here.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML