[EMAIL PROTECTED] wrote: > Hi list, > > Not sure if it's entirely on-topic, but at least I want to monitor it > closely. > > A while ago I implemented graylisting, which works quite well. But since > 2 days ago I'm seeing loads of mails which are passing by the > greylisting (so they are being sent again by a "real" mailserver). > > Anybody knows if there is a new windows virus on the loose that retries > to deliver mails? The mails are coming from all kinds of hosts, all > kinds of countries but mostly from dialup or adsl accounts (so, not > hijacked corporate mailservers).
Do you use some "spam-trap based" DNSBL at your MTA? e.g. CBL.abuseat.org (included in xbl.spamhaus.org) You can use gray-listing to avoid "blind spot" (detection delay) of such lists to increase their efficiency. Two standard questions to clear the picture: a) Do you block dynamic ip addresses at MTA level? b) Do you block "free" email services? -- [pl>en: Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED] Home site: http://anfi.homeunix.net/