Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] new spam engines

2006-04-04 by Oliver Fromme

Emmanuel Dreyfus wrote:
 > [...]
 > I am more worried by the fact that a lot of such messages get through 
 > milter-greylist.
 > 
 > Headers show that the messages come from DSL and cable pools, so IMO it's
 > from a botnet. X-Greylist header reports that the sender retried only one
 > time and after 5 minutes and a few seconds. My greylist delay is 5 mn, 
 > so I wonder if this is a coincidence, or if the spam engine reads the
 > text message in the SMTP reply that says "please come back in 00:05:00".

A quick and simple fix would be not to include the information
in the SMTP reply, don't you think?  For example, just say
"please come back later".  Standard MTAs never look at the
reply sentence anyway, so it shouldn't hurt legal mail.  But
spammers might lose an important piece of information.

 > Do we have to face spam engines that implement resends? What is your 
 > experience with that problem? 

I got a few of those spams that you described, too.  But not
many, which is probably due to the fact that I use NJABL and
DSBL for blacklisting dynamic DSL IPs and similar things, so
many of those botnet-generated spams might not reach me.  :-)

 > I will try raising the greylist parameter (delay before the mail is accepted)
 > from 5 mn to 30 mn. If that does not cure the problem, it probably means
 > we have to hunt for new ideas again and code a new tool. Any suggestion
 > is welcome.

You should increase it from 5 to 6.  If your spam mails then
start coming in at 6 minutes plus a few seconds, you have
proof that their mailers indeed read the SMTP reply sentence
and interpret the time specification.  You should then modify
that sentence, so spammers don't get a hint when to retry
your address.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"C++ is the only current language making COBOL look good."
        -- Bertrand Meyer
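
The 5-to-6-minute test suggested in the message above, as an added example that is not part of the original post or of milter-greylist: it reads the wait time from X-Greylist headers of spam collected under each setting and checks whether the retry cluster moved with the configured delay. The header shape, the 30-second window, the 50% threshold and all sample headers are assumptions constructed for illustration.

```python
import re

# Assumed header shape: "X-Greylist: Delayed for HH:MM:SS by milter-greylist-..."
DELAYED = re.compile(r"^X-Greylist: Delayed for (\d+):(\d{2}):(\d{2})\b", re.M)

def delays(headers):
    """Seconds each accepted message waited, taken from its X-Greylist header."""
    return [int(h) * 3600 + int(m) * 60 + int(s)
            for h, m, s in DELAYED.findall(headers)]

def just_after(waits, configured, slack=30):
    """Fraction of messages retried within `slack` seconds after the delay expired."""
    if not waits:
        return 0.0
    return sum(configured <= w <= configured + slack for w in waits) / len(waits)

def tracks_reply(before, after, old, new, slack=30, threshold=0.5):
    """True when the retry cluster moved with the configured delay (5 -> 6 min)."""
    return (just_after(delays(before), old, slack) >= threshold
            and just_after(delays(after), new, slack) >= threshold)

def _hdrs(*waits):
    # Build constructed sample headers; version and host are placeholders.
    return "\n".join(
        f"X-Greylist: Delayed for {w} by milter-greylist-x.y (mx.example.org [192.0.2.10])"
        for w in waits)

# Constructed samples: spam accepted while the delay was 5 min, then 6 min.
SPAM_AT_5MIN = _hdrs("00:05:03", "00:05:07", "00:05:04", "00:31:12")
SPAM_AT_6MIN = _hdrs("00:06:02", "00:06:05", "00:06:09", "00:30:40")
# Constructed counter-case: senders on a fixed 5-minute timer pass on their second retry.
FIXED_TIMER = _hdrs("00:10:05", "00:10:08", "00:10:04", "00:30:40")

if __name__ == "__main__":
    print("retries follow the announced delay:",
          tracks_reply(SPAM_AT_5MIN, SPAM_AT_6MIN, 300, 360))
    print("fixed-timer senders:",
          tracks_reply(SPAM_AT_5MIN, FIXED_TIMER, 300, 360))
```

Feed it only headers from messages already identified as spam; a legitimate MTA with a very short retry interval would also land inside the window.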
