[Greylist-users] Greylist gravy train ends in 3-6 months
Calvin Browne
calvin at orange-tree.alt.za
Mon Jul 19 01:38:44 PDT 2004
On Fri, 2004-07-16 at 16:52, Regis Wilson wrote:
> Hi, just recently implemented Greylisting and it works phenomenally well.
> I recommend a procedure where you first just log the tuples for a week or
> so. Since the spammers use random from and random IPs, any referecne count
> over 2 or 3 for a tuple should be enough to whitelist it before you implement
> greylisting.
>
> Also, as the subject suggests, I don't know if anyone realises that greylisting
> will be dead very soon. As soon as the spammers notice any impact on their
> delivery rates, it would be incredibly simple to overcome greylisting, to wit:
>
> 1. Zombie machine downloads 10,000 email addresses and starts delivering mail
> 2. Zombie detects tempfail code and puts from, to, and timestamp in redliver
> queue
> 3. Zombie is done mailing 10,000 emails, goes to redliver queue. If timestamp
> is 1 hour, 1 minute old, redeliver using same from, to and IP.
You missed the part where where the zombie gets listed in an rbl.
Thus rbl + 1 hour greylisting = effective block to the above (you may
have to throw in spam traps).
regards
--Calvin
-------------------* My opinions are mine *-------------------------
Calvin Browne calvin at orange dash tree dot alt dot za
Office phone: 080 314 0077 +27 11 314-0077
http://orange-tree.alt.za Mobile: +27 83 303-0663
Call me for Linux/Internet consulting
--------------------------------------------------------------------
More information about the Greylist-users
mailing list