Tip

Freeware 'greylisting' for Exchange Server

You're probably familiar with whitelisting and blacklisting as methods to fight spam -- basically keeping lists of known-good

    Requires Free Membership to View

and known-bad email servers, respectively.

Between blacklisting and whitelisting is a sort of interim strategy called greylisting (also known as graylisting). Greylisting involves exploiting a behavior to which RFC-compliant mail servers are supposed to adhere -- and to which spammers rarely do.

VIEW MEMBER FEEDACK TO THIS EXCHANGE SECURITY TIP

How greylisting works

When a mail server connects to your mail server to send a given piece of email for the first time, a greylist notes the IP address and the email is rejected with a "Try Again Later" warning. If the server at the other end is running in compliance with the RFC standards for email, it'll try again later as it's just been instructed to.

The next time that server tries to deliver the email, your server will mark that server as "good" and allow future deliveries. On the other hand, many spammers will simply abandon any future delivery attempts after seeing the "Try Again Later" warning, since they typically just want to blast out as many emails as they can without retrying.

Also, during the retry period -- typically an hour or so -- there's a chance that the spammer's IP will be blocked by more conventional antispam techniques. In a way, greylisting is a little like a selective tarpitting scheme.

Programmer Chris J. has written a freeware greylist for Exchange Server, now called JEP(S). This application offers Exchange Server administrators a no-cost option for implementing and testing the effectiveness of greylisting as a spam-fighting mechanism.

The program installs as a .DLL that hooks into Exchange Server's SMTP service, and allows administrative control over the list of IP addresses tracked by the .DLL (so specific addresses can be manually added or removed).

Much of the effectiveness of greylisting is admittedly anecdotal. It's not something that can be recommended as a blanket solution, and it probably won't be a permanent one either. But the anecdotes are interesting: Chris's own experiences with greylisting cut down his spam load from about 4,000 messages a day to almost zero with no other changes.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

MEMBER FEEDBACK TO THIS EXCHANGE SECURITY TIP

JEP(S) is the new version of Greylist for Exchange. The name was changed because "Greylist for Exchange" was confusing to a lot of people. Also, it's now a commercial product instead of just an interesting project.

As before, the software is available in a free version and a licensed version. The free version is totally free without any time limit or spyware and such. New functionality includes: tarpitting, RBL, RWL, auto whitelisting, separate real-time monitor utility, and it supports IIS SMTP as well as Exchange 2000 and 2003.

Licensing: For free (advanced functions disabled), full 30-day trial license (on website), and the full license is 205 USD/149 Euro.
—Christoffer Järnåker, Proxmea

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • Tip: SpamBayes -- An open-source antispam tool for Microsoft Outlook
  • Tip: Optimize your DNS blacklists with BL-Monitor
  • Tip: Fighting spam with SMTP tarpits
  • Learning Center: The spamfighter's toolbox
  • 10 tips in 10 minutes: Spam and phishing exposed
  • Learning Guide: How to fight spam on Exchange Server
  • Tutorial: How to protect Exchange Server from spam blacklists

    Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

    This was first published in March 2007

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.