Because I'm working away from home at client site much of the time, and un-snooped access to my home email is A Good Thing™ to have, setting up secure webmail was a priority for me when I moved to hosting my own email setup.

I've been using SquirrelMail for pretty much all that time - having a system that I can keep up to date using Debian's apt-get management tools is a strong incentive.

But I never really liked it - the interface is extremely clunky, and uses frames, which is a particular hate of mine. Recently though, improved Open Source webmail interfaces have been coming along like buses, no doubt inspired by the success of Gmail.

One's so good, I installed it for a test, and liked it so much, I repointed my webmail domain at it within 5 minutes.

Having had previous success with the Great Wall of Spam and DSPAM, I was still a bit annoyed by the amount of spam making it to the DSPAM quarantine, and so to be periodically scanned and a small number of false positives permitted through.

I'd been hearing a bit about Greylisting, and Mike had had some good results with it, so thought I'd give it a go. A wee mail SNAFU last week was the trigger, and I installed qgreylist as a layer between IP blocking and DSPAM.

The way it works is like this: SMTP is designed to be tolerant of downtime of the recipient mailhost. So if a sending hosts discovers a problem, it'll wait a bit, then try again (and if it still has a problem, will wait for a longer time and try again - repeat for a few days until finally giving up). However, spam-sending software is designed for maximum volume throughput, not maximum %age reaching destination, both for not sweating the small stuff reasons, and because spam-senders tend to get blackholed within a few hours. So generally, it doesn't follow this part of the SMTP protocol.

So what happens when you deliberately cause a temporary problem to every piece of mail? Spam generally doesn't get repeated - it disappears before reaching your MTA. As long as you keep a track of mailservers that have tried to send you mail, and accept mail the second time around, real mail still gets through.

The results are impressive: my average 60-80 spams a day has been cut to around 10. Checking the DSPAM quarantine is no longer a nightmare if you leave it a few days. And as far as I know, no real mail has been lost.