Milter-greylist

Emmanuel Dreyfus wrote:
> On Tue, Apr 04, 2006 at 11:04:11AM +0200, fredrik.pettai@... wrote:
>>You may also try removing the polite and helpful "...in 00:05:00" and
>>just say "Greylisting in progress, please come back later...". Or
>>perhaps even remove the word "Greylisting" as well.
> 
> Yes, I will try this if I see just one retry after my new greylisting 
> delay (30 mn).
> 
> If the spam engine reads that message, this make new counter measures
> possible. I could use a real greylisting delay of 5 mn, display a 
> message telling it's 30 seconds, and blacklist any machine that perform
> retries within less than one minute. Publishing a DNSRBL of such a 
> blacklist could be useful too. 
> 
Many normal MTA dont read the string with the delay time and retry after 
less then one minute. I think ther is a high risk that you blacklist 
normal MTA.

Greylisting works because Spamers often are not RFC conform. But it was 
clear that Spamers would become RFC conform if many Mailadmin use 
Greylisting.


>>The more fun & crazy (experimental) way would be to fill the the time in
>>the SMTP message with letters/non-numeric characters, to see how they
>>react to that :-) Hopefully they will crash...
> 
A nice idea but i hope normal MTA won't crash.


> The really fun and crazy idea would be to obtain the spam engine binary, 
> find an overflow in it, and send data that would cause an exploit to
> take control of the sender. Any taker? :-)
> 


-- 
--------------------------------------------------------------------------------
M.Menge                                 Tel.: (49) 7071/29-70316
Universitaet Tuebingen                  Fax.: (49) 7071/29-5912
Zentrum fuer Datenverarbeitung          mail: menge@...-tuebingen.de
Waechterstrasse 76
72074 Tuebingen