Hello. I recently started using greylisting within Mimedefang on our relays. When TEMPFAIL'ed a spammer resends the same piece of mail every few seconds using a different IP and sender address. This continues until a permanent error is sent (User unknown). How do others deal with this tactic? See example below.
Feb 16 15:41:15 a043194 mimedefang.pl[23365]: TEMPFAIL 125.245.81.146 <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Feb 16 15:41:15 a043194 sendmail[24281]: k1GLf1ei024281: Milter: to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and 0 seconds. Feb 16 15:41:48 a043147 mimedefang.pl[19961]: TEMPFAIL 201.6.165.230 <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Feb 16 15:41:48 a043147 sendmail[20302]: k1GLfeQ0020302: Milter: to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and 0 seconds. Feb 16 15:41:51 a043194 mimedefang.pl[23365]: TEMPFAIL 125.242.199.18 <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Feb 16 15:41:51 a043194 sendmail[24310]: k1GLfiPb024310: Milter: to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and 0 seconds. Feb 16 15:42:11 a043194 mimedefang.pl[23383]: TEMPFAIL 200.216.24.6 <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Feb 16 15:42:11 a043194 sendmail[24323]: k1GLg14t024323: Milter: to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and 0 seconds. Feb 16 15:42:53 a043194 mimedefang.pl[23383]: TEMPFAIL 125.250.29.242 <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Feb 16 15:42:53 a043194 sendmail[24354]: k1GLgkCb024354: Milter: to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and 0 seconds. . many many more ... . Feb 16 16:35:06 a043194 mimedefang.pl[24387]: TEMPFAIL 69.88.142.140 <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Feb 16 16:35:06 a043194 sendmail[25719]: k1GMZ0i3025719: Milter: to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and 0 seconds. Feb 16 16:36:13 a043194 mimedefang.pl[24387]: TEMPFAIL 82.129.131.3 <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Feb 16 16:36:13 a043194 sendmail[25754]: k1GMZwq4025754: Milter: to=<[EMAIL PROTECTED]>, reject=451 4.3.0 Greylisted for 30 minutes and 0 seconds. Feb 16 16:38:05 a043194 sendmail[25824]: k1GMbwih025824: ruleset=check_rcpt, arg1=<[EMAIL PROTECTED]>, relay=[125.241.33.67], reject=550 5.1.1 <[EMAIL PROTECTED]>... User unknown _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang