Milter-greylist

Hi

Recently I saw a new kind of spam. The messages contain a text part with 
nonsense that are obviosuly here to ruin bayesian filtering. The words 
are non-spam words, and if the user classify the message as spam, the 
bayesian filter efficiency will go down.

The message also contains an image, which carry the spam message. Because
the spam message is in an image, it is unreachable for bayesian filters.

That's not a real problem for me because I don't use bayesian filtering. 
I am more worried by the fact that a lot of such message get through 
milter-greylist.

Headers show that the message come from DSL and cable pools, so IMO it's
from a botnet. X-Greylist header reports that the sender retried only one
time and after 5 minutes and a few seconds. My greylist delay is 5 mn, 
so I wonder if this is a coincidence, or if the spam engine reads the
text message in the SMTP reply that says "please come back in 00:05:00".

Do we have to face spam engine that implement resends? What is your 
experience with that problem? 

I will try raising the greylist parameter (delay before the mail is accepted)
from 5 mn to 30 mn. If that does not cure the problem, it probably means
we have to hunt for new ideas again and code a new tool. Any suggestion
is welcome.

-- 
Emmanuel Dreyfus
manu@...