Yahoo Groups archive

Milter-greylist


Re: [milter-greylist] code, ecode and message and spam results?

2006-09-08 by Jobst Schmalenbach

On Thu, Sep 07, 2006 at 03:49:48PM +0000, Emmanuel Dreyfus (manu@...) wrote:
> On Thu, Sep 07, 2006 at 09:30:25AM -0400, Chris Hoogendyk wrote:
> > I've been getting more stock spam lately. Every time I check full
> > headers, I see the greylist header indicating that the message was
> > delayed. So they are resending. What I'm seeing getting through is
> > almost entirely stock spam (stock alerts, investment, etc.).
> 
> If you increase the delay, they will give up. 
> Handling resends needs resources. The spammer mildly cares, since he
> is not paying for the CPU, memory, and disk space of hijacked machines.
> On the other hand, this free resource is not infinite. If the machine 
> sends 100 messages per second to servers with a delay of 12 hours, the 
> resend queue will grow up exhausting available resources.


You are correct!

However, I have found that one way of beating ANY GREYMILTER is
sending an email ONE day and send ANOTHER ONE the next day. Because
the IP address has been moved on to the whitelist it is now
free to take a message.

The spammer this way saves a lot of energy to resend a number of times.

What would be good to have is another check running in the greymilter
that takes an IP address OFF the whitelist if it has not received another 
email within a certain time range.

This might explain it:

  * spammer sends the first time on day one

  * greylist rejects email

  * time passes

  * greylist whitelists the spammer.

  * time passes and spammer still whitelisted

  * spammer sends the SECOND time on day TWO
    and email gets through

    YES, I am aware that the next filters will
    catch it if the address is on DNSRBL



Another way will decrease the chance of spammer getting through

  * spammer sends the first time on day one

  * greylist rejects email

  * time passes

  * greylist whitelists the spammer.

  * time passes

  * after 12 hours spammer is taken off the
    whitelist as no OTHER email was received

  * spammer sends the SECOND time (after 24hours) 
    on day TWO and email is TEMP FAILED again

    ;-)


jobst



-- 
Tomorrow or the next life, whichever comes first, we never know. - Saying from Tibet.

             __, Jobst Schmalenbach, Technical Director
   _ _.--'-n_/   Barrett Consulting Group P/L & The Meditation Room P/L      
 -(_)------(_)=  +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
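
The two timelines in the message above, replayed as an added sketch (not part of the original post and not milter-greylist code). It assumes per-IP keying as the message describes, a constructed 30-minute greylist delay, the 12-hour idle expiry from the message, and hypothetical names and documentation-range addresses throughout.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HOUR = 3600

@dataclass
class Entry:
    first_seen: int  # time of the first, temp-failed attempt
    last_seen: int   # time of the most recent attempt from this IP

@dataclass
class Greylist:
    delay: int                         # minimum wait before a retry is accepted
    idle_expiry: Optional[int] = None  # forget an IP after this much silence (None = never)
    entries: Dict[str, Entry] = field(default_factory=dict)

    def check(self, ip: str, now: int) -> str:
        entry = self.entries.get(ip)
        # Proposed extra check: drop the entry if nothing arrived within idle_expiry.
        if (entry is not None and self.idle_expiry is not None
                and now - entry.last_seen > self.idle_expiry):
            del self.entries[ip]
            entry = None
        if entry is None:
            self.entries[ip] = Entry(first_seen=now, last_seen=now)
            return "TEMPFAIL"
        entry.last_seen = now  # any attempt counts as activity
        return "ACCEPT" if now - entry.first_seen >= self.delay else "TEMPFAIL"

def replay(gl: Greylist, attempts: List[Tuple[str, int]]) -> List[str]:
    """Feed (ip, timestamp) attempts in order and collect the verdicts."""
    return [gl.check(ip, t) for ip, t in attempts]

# Constructed sample traffic.
SPAMMER, REAL_MTA = "192.0.2.10", "198.51.100.7"
ONE_PER_DAY = [(SPAMMER, 0), (SPAMMER, 24 * HOUR)]
NORMAL_RETRY = [(REAL_MTA, 0), (REAL_MTA, 1 * HOUR), (REAL_MTA, 9 * HOUR)]

if __name__ == "__main__":
    print("no expiry  :", replay(Greylist(delay=30 * 60), ONE_PER_DAY))
    print("12h expiry :", replay(Greylist(30 * 60, 12 * HOUR), ONE_PER_DAY))
    print("real MTA   :", replay(Greylist(30 * 60, 12 * HOUR), NORMAL_RETRY))
```

The expiry only defeats the one-attempt-per-day pattern: a sender that retries once inside the window is still accepted, so the idle window has to stay longer than the retry intervals of legitimate MTAs.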
