Milter-greylist

On Tue, Apr 04, 2006 at 11:04:11AM +0200, fredrik.pettai@... wrote:
> You may also try removing the polite and helpful "...in 00:05:00" and
> just say "Greylisting in progress, please come back later...". Or
> perhaps even remove the word "Greylisting" as well.

Yes, I will try this if I see just one retry after my new greylisting 
delay (30 mn).

If the spam engine reads that message, this make new counter measures
possible. I could use a real greylisting delay of 5 mn, display a 
message telling it's 30 seconds, and blacklist any machine that perform
retries within less than one minute. Publishing a DNSRBL of such a 
blacklist could be useful too. 

> The more fun & crazy (experimental) way would be to fill the the time in
> the SMTP message with letters/non-numeric characters, to see how they
> react to that :-) Hopefully they will crash...

The really fun and crazy idea would be to obtain the spam engine binary, 
find an overflow in it, and send data that would cause an exploit to
take control of the sender. Any taker? :-)

-- 
Emmanuel Dreyfus
manu@...