Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-13 23:57 UTC

Message

Re: [milter-greylist] Blacklisting a spammer?

2018-11-05 by Bob Friesenhahn

On Sun, 4 Nov 2018, Fred Smith fredex@... [milter-greylist] wrote:
>>
>> By sorting greylist.db, I see that many more blocks of IP addresses
>> now need to be added to the blacklist.
>
> might they be forged/spoofed addresses, such that the mail is not actually
> from those addresses? If so blacklisting blocks of them may be blocking
> innocent bystanders. So to speak.

Since SMTP is based on connection-oriented TCP, it is not possible to 
spoof the origin IP address.  The origin IP address needs to at least 
be stable during the session.  It is of course possible for some sort 
of proxy to be used, but the IP address of the proxy needs to be 
stable.

What I see is that entire Class C subnets are used for the spam 
function.  It may be that just a few actual hosts are involved, using 
many source IP addresses.

Bob
-- 
Bob Friesenhahn
bfriesen@..., http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.