[Greylist-users] Having fun playing with my own greylisting implementation.

Eric S ejs at bfd.com
Tue Jul 15 11:06:23 PDT 2003


So far, other than the fact that my milter program dies at 3:03am every
morning, things are going well, and I'm having fun playing with things.
In fact, the fun is the major reason I'm doing this myself, instead of
using the reference implementation.  Not knocking the way the reference
implementation does things, but I feel more comfortable working with my
own code, and I'm going to be up to my elbows in the code.  Sendmail's
env-from checks are good enough for me, so I didn't bother using the
strengthened ones in the reference implementation, but I did write some
rather primitive HELO checks that throw a permanent block into the table
in the case of a few bad HELOs.  It's already been triggered nine times
out of about 100 messages, and these were messages that made it past my
DNSBL checks.

I've got other things that I want to include, and it's just easier to
implement them all within one milter rather than having multiple milters
running and then having to work out the best way for them to interact.
One of the things I'm doing is that if any rcpt to:s are specified to
spamtraps, it dumps the entire message (except copies to
postmaster/abuse), and I'd rather the greylisting be aware of that.

So far, the only UBE/UCE that's made it through to me has been while the
milter was down or when it was sent to an alias that forwards to me on an
unprotected machine.  My other users haven't been so lucky, so I'm
probably going to add some more logging/statistics to my implementation.

However, while I was playing around this weekend watching my logs, I
noticed something odd that was definitely a spammer (he did this to a
spamtrap) and either one that was clueless in general, or was already
trying to get around greylisting and doesn't get it.  During the same
transaction (not even connect), he tried to rcpt to: to the recipient
twice.  Now, depending on the way the reference implementation is written,
that might work if $delay_mail_secs is negative, but I don't think it
will.  So, the question is, did this person just use a crappy list that he
hadn't even bothered to make unique, or is this someone that has heard of
the idea of greylisting and thought he had a cute way around it?  I'm
suspecting the former :-)
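
An added illustration, not part of the original post and not the reference implementation's code: a minimal greylist triplet table showing why a repeated RCPT TO inside one transaction stays deferred while the delay is positive. The class, function names, strict comparison and sample addresses are constructed assumptions; only the role of $delay_mail_secs comes from the post.

```python
from dataclasses import dataclass, field

TEMPFAIL, ACCEPT = "451 tempfail", "250 accept"


@dataclass
class Greylist:
    # Plays the role of $delay_mail_secs from the post (hypothetical model).
    delay_secs: int = 3600
    # (ip, env_from, rcpt) -> time the triplet was first seen.
    first_seen: dict = field(default_factory=dict)

    def check_rcpt(self, ip, env_from, rcpt, now):
        """Decide one RCPT TO for the triplet at time `now` (seconds)."""
        key = (ip, env_from.lower(), rcpt.lower())
        seen = self.first_seen.get(key)
        if seen is None:
            # First sighting: record the triplet and defer.
            self.first_seen[key] = now
            return TEMPFAIL
        # Known triplet: pass only when more than delay_secs have elapsed.
        # A duplicate in the same transaction has elapsed == 0, so it can
        # only pass when delay_secs is negative.
        return ACCEPT if now - seen > self.delay_secs else TEMPFAIL


def run_transaction(gl, ip, env_from, rcpts, now):
    """Replay every RCPT TO of one SMTP transaction at a single instant."""
    return [gl.check_rcpt(ip, env_from, r, now) for r in rcpts]


if __name__ == "__main__":
    # Constructed sample: the same recipient listed twice in one transaction.
    dup = ["trap@example.com", "trap@example.com"]
    for delay in (3600, 0, -1):
        gl = Greylist(delay_secs=delay)
        print(delay, run_transaction(gl, "192.0.2.10", "s@example.net", dup, 1000))
```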


