[Mimedefang] Repeated attempts with different sender and IP when greylisting

[Mike Grau]

Hello.

I recently started using greylisting within Mimedefang on our relays.
When TEMPFAIL'ed a spammer resends the same piece of mail every few
seconds using a different IP and sender address. This continues until a
permanent error is sent (User unknown). How do others deal with this
tactic? See example below.


Feb 16 15:41:15 a043194 mimedefang.pl[23365]: TEMPFAIL 125.245.81.146
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Feb 16 15:41:15 a043194 sendmail[24281]: k1GLf1ei024281: Milter:
to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:41:48 a043147 mimedefang.pl[19961]: TEMPFAIL 201.6.165.230
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Feb 16 15:41:48 a043147 sendmail[20302]: k1GLfeQ0020302: Milter:
to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:41:51 a043194 mimedefang.pl[23365]: TEMPFAIL 125.242.199.18
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Feb 16 15:41:51 a043194 sendmail[24310]: k1GLfiPb024310: Milter:
to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:42:11 a043194 mimedefang.pl[23383]: TEMPFAIL 200.216.24.6
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Feb 16 15:42:11 a043194 sendmail[24323]: k1GLg14t024323: Milter:
to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:42:53 a043194 mimedefang.pl[23383]: TEMPFAIL 125.250.29.242
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Feb 16 15:42:53 a043194 sendmail[24354]: k1GLgkCb024354: Milter:
to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
.
many many more ...
.
Feb 16 16:35:06 a043194 mimedefang.pl[24387]: TEMPFAIL 69.88.142.140
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Feb 16 16:35:06 a043194 sendmail[25719]: k1GMZ0i3025719: Milter:
to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 16:36:13 a043194 mimedefang.pl[24387]: TEMPFAIL 82.129.131.3
<[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Feb 16 16:36:13 a043194 sendmail[25754]: k1GMZwq4025754: Milter:
to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 16:38:05 a043194 sendmail[25824]: k1GMbwih025824:
ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=[125.241.33.67],
reject=550 5.1.1 <[EMAIL PROTECTED]>... User unknown
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang