Theo de Raadt wrote:
If a spammer knows I am running spamd because he can detect it, and
then disconnects, no spam makes it througg -- no spam is delivered.
There is no workaround for the spammer, except to act as a regular
"follow the RFC, and retry", which most of the spammers don't do (and
which we want them to do, since then they are easier to fight).
In fact, there are spammers who ARE noticing that greylisting servers
look (or behave) different, and they are disconnecting and not sending
spam through them. Thus, no spam is delivered.
i have seen a number of spammer outfits doing this: following the RFC
and retrying until the spam gets though and they're whitelisted, then
they're free to push crap through. any thoughts on how to best combat
this behavior besides spamassassin + amavisd (i.e. wasting cpu cycles
and bandwidth)?
