[Greylist-users] machine gun

John W. Baxter jwblist at loricamail.com
Sat Jan 21 20:06:58 PST 2006


On 1/21/06 3:05 PM, "Bob Beck" <beck at bofh.cns.ualberta.ca> wrote:

> * Barb Dijker <barb at netrack.net> [2006-01-20 14:45]:
>> We are starting to see more machine gun spammers.  For example,
>> yesterday youngexplorerscatalog.net attempted to send a message to a
>> single recipient once per second until greylisting allowed the message.
>> 
> ....
>> 
>> A quick peruse of the database shows a small handful of legitimate
>> mail that appears to be using the machine gun approach, e.g.,  mail
>> (really) from ebay that was blocked 80 or 90 times
> ....
> 
> Means it is probably time to start exploring that in greylisting
> software - Should be easy enough to detect number of retries > X where X
> is "many" in the greylisting period, and just like deciding a server that
> does not retry is hostile, a server that retries excessively or stupidly
> is also hostile. Getting X right is the trick.
> 
> What do you think, Barb? 100 in 30 minutes is too much? Or less?

A known server from which you wish to receive email might as well be
whitelisted.  It is bad guys that greylisting is intended to keep out.  To
continue the second example, unless you have no users with eBay accounts,
you wish to receive mail from eBay's fleet of servers.

  --John
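
The retry-count check proposed in the quoted message, combined with the whitelist exemption from this reply, as an added example that is not part of the original thread or of any greylisting package. The attempt tuple format, the function names and all addresses (documentation ranges) are assumptions; the threshold and window are the "100 in 30 minutes" floated above.

```python
import ipaddress
from collections import defaultdict

WINDOW = 30 * 60      # greylisting period in seconds ("30 minutes" in the thread)
MAX_RETRIES = 100     # the thread's "X"; the right value is the open question

# Constructed whitelist of known-good sending networks (documentation range).
WHITELIST = [ipaddress.ip_network("203.0.113.0/24")]

def classify(attempts, window=WINDOW, max_retries=MAX_RETRIES, whitelist=WHITELIST):
    """attempts: iterable of (epoch_seconds, client_ip, sender, recipient).
    Returns {(ip, sender, recipient): 'whitelisted' | 'excessive' | 'normal'}."""
    seen = defaultdict(list)
    for ts, ip, sender, rcpt in attempts:
        seen[(ip, sender.lower(), rcpt.lower())].append(ts)
    verdicts = {}
    for triplet, stamps in seen.items():
        addr = ipaddress.ip_address(triplet[0])
        if any(addr in net for net in whitelist):
            verdicts[triplet] = "whitelisted"   # known server: never penalised
            continue
        first = min(stamps)
        # Retries are the attempts inside the window, not counting the first one.
        retries = sum(1 for t in stamps if t - first <= window) - 1
        verdicts[triplet] = "excessive" if retries > max_retries else "normal"
    return verdicts

def sample_attempts():
    """Constructed data: a once-per-second sender, a normal MTA, a whitelisted host."""
    rows = [(t, "192.0.2.10", "promo@bulk.example", "user@example.org")
            for t in range(300)]
    rows += [(t, "198.51.100.7", "alice@mail.example", "user@example.org")
             for t in (0, 900, 1800)]
    rows += [(t * 10, "203.0.113.5", "notice@shop.example", "user@example.org")
             for t in range(90)]
    return rows

if __name__ == "__main__":
    for triplet, verdict in classify(sample_attempts()).items():
        print(verdict, *triplet)
```

The whitelist is matched on the connecting IP rather than the envelope sender, since the sender address is trivially forged.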
