[Greylist-users] Greylist gravy train ends in 3-6 months

Calvin Browne calvin at orange-tree.alt.za
Mon Jul 19 01:38:44 PDT 2004

On Fri, 2004-07-16 at 16:52, Regis Wilson wrote:
> Hi, just recently implemented Greylisting and it works phenomenally well.
> I recommend a procedure where you first just log the tuples for a week or
> so.  Since the spammers use random from and random IPs, any referecne count
> over 2 or 3 for a tuple should be enough to whitelist it before you implement
> greylisting.
> Also, as the subject suggests, I don't know if anyone realises that greylisting
> will be dead very soon.  As soon as the spammers notice any impact on their
> delivery rates, it would be incredibly simple to overcome greylisting, to wit:
> 1.  Zombie machine downloads 10,000 email addresses and starts delivering mail
> 2.  Zombie detects tempfail code and puts from, to, and timestamp in redliver
>     queue
> 3.  Zombie is done mailing 10,000 emails, goes to redliver queue.  If timestamp
>     is 1 hour, 1 minute old, redeliver using same from, to and IP.

You missed the part where where the zombie gets listed in an rbl.
Thus rbl + 1 hour greylisting = effective block to the above (you may
have to throw in spam traps).



-------------------* My opinions are mine *-------------------------
 Calvin Browne calvin at orange dash tree dot alt dot za
               Office phone: 080 314 0077        +27 11 314-0077
               http://orange-tree.alt.za Mobile: +27 83 303-0663
               Call me for Linux/Internet consulting

More information about the Greylist-users mailing list