Hello Guys,
As we expected, some day spammers would start 'sending again' and then workingaround greylist techniques.
Lately i have seen a LOT of SPAM resending with almost exact 10 minutes of difference. For example:
Feb 3 07:51:06 hermes policyd: rcpt=876, greylist=new, host=117.6.120.63 (unknown), [EMAIL PROTECTED], [EMAIL PROTECTED], size=33567 Feb 3 08:01:11 hermes policyd: rcpt=917, greylist=update, host=117.6.120.63 (unknown), [EMAIL PROTECTED], [EMAIL PROTECTED], size=0
Feb 5 23:21:02 hermes policyd: rcpt=2328, greylist=new, host=118.68.157.87 (unknown), [EMAIL PROTECTED], [EMAIL PROTECTED], size=0 Feb 5 23:31:05 hermes policyd: rcpt=2356, greylist=update, host=118.68.157.87 (unknown), [EMAIL PROTECTED], [EMAIL PROTECTED], size=0
Feb 2 10:56:37 hermes policyd: rcpt=1048, greylist=new, host=121.174.102.112 (unknown), [EMAIL PROTECTED], [EMAIL PROTECTED], size=0 Feb 2 11:06:40 hermes policyd: rcpt=1121, greylist=update, host=121.174.102.112 (unknown), [EMAIL PROTECTED], [EMAIL PROTECTED], size=0
just to quote some few examples of 'almost exact 10 minutes' resending connections.
Have you seen, greylist users, experiencing these spammers retrying as well ?? Seems it's time to raise the default TRIPLET_TIME to 15m .....
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
