On Mon, 5 Nov 2012 07:52:50 +0100, Joakim Aronius wrote:
>* Kurt Mosiejczuk (kurt-openbsd-m...@se.rit.edu) wrote:
>> Jan Stary wrote:
>>
>> >Strangely, the only occurrence of 2.139.201.210 in the last month's
>> >maillog is just this; that's half an hour after it got WHITE.
>> >What happened at Mon Oct 29 14:49:24 CET 2012 that made it WHITE?
>>
>> >Anyway, it seems (some) spambots got less demented and actually do
>> >resend, getting themselves whitelisted - thus working themselves
>> >around the whole premise of greylisting.
>>
>> >Are people seeing something similar?
>>
>> I'm seeing it. I recently tweaked my greyscanner settings to pick
>> up some spammers getting through who shouldn't (they were staying
>> just under the threshold for further scrutiny). But I've still been
>> getting a couple a day, and they only just got themselves
>> whitelisted. So, you are not alone...
>>
>> --Kurt
>>
>
>Hi,
>
>I see it too. I also use greyscanner to catch spammers and I see a lot of spam
>to <random numbers and letters>@mydomains. So I trap all hosts sending to
>addresses with numbers in them (as I don't have any legit accounts with
>numbers). This catches almost all spam. But I also see some backscatter from
>legit mail servers sending delivery failure notifications to mails where my
>domains were used as sender. This then results in me blocking these legit
>servers in case they were not already whitelisted (not good..). Strangely
>enough it seems like I also get delivery failure notifications from nodes on
>e.g. xDSL networks, not sure if it's 'real' mail servers or bot nodes, some of
>these retry delivery according to RFC. Needs looking into..
>
>/Joakim
>

I have had a stack of both sides of the invalid address email stuff for
some time. I make all the fictitious addresses into spam traps. That way
I punish the fools whose servers "return" mail whence it came not. They
just get tarpitted and I don't care as they should be refusing to accept
incoming mail which they cannot deliver. Google generates a smaller
number now than they were doing a month ago but they are whitelisted and
just end up with a 550 NSN rejection. I suspect that the idea is to
spread spam/malware by tempting whoever accepts the mail or the
"returned" mail but I don't have time to play with that and they go on
getting nowhere on my servers either way. If they really start bothering
me in heaps I just may have to launch a few missiles....

Here's a bit of the output from my spamd database:

SPAMTRAP|a3d2...@witworx.com
SPAMTRAP|a7c85e...@witworx.com
SPAMTRAP|abd3...@witworx.com
SPAMTRAP|cc705...@witworx.com
SPAMTRAP|cde50...@witworx.com
SPAMTRAP|d00a6d...@witworx.com
SPAMTRAP|d3a259...@witworx.com
SPAMTRAP|dabee8...@witworx.com
SPAMTRAP|e0c94...@witworx.com
SPAMTRAP|f08b2b...@witworx.com
SPAMTRAP|f3dc87...@witworx.com
SPAMTRAP|f7ae30...@witworx.com
SPAMTRAP|fc53...@witworx.com
SPAMTRAP|ff70...@witworx.com

I clean out the traps every few days with a script and back they come
with new tries. I just wish that backscatter monkeys would get their act
into gear because the other ones would simply get nowhere except the
tarpit.

Don't lose any sleep over it.

/R/

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is
tarpitted. The reply-to: address is provided for those who feel
compelled to reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.
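
The digits-in-recipient trapping rule and the backscatter problem discussed in this thread, as an added example that is not code from any poster or from greyscanner: it sorts GREY tuples from a spamdb(8) dump into hosts to trap and null-sender bounces held back for review. The function name, the sample dump and its addresses are constructed; the pipe-separated field layout is assumed to be that of spamdb(8) output.

```python
import re

# Constructed sample in spamdb(8) dump layout (documentation IPs and domains).
SAMPLE = """\
WHITE|192.0.2.10|||1351500000|1351503600|1354600000|0|3
GREY|198.51.100.7|bot.example|<a@spam.example>|<a3d2f9@example.org>|1351500000|1351501500|1351514400|1|0
GREY|192.0.2.10|mx.example.net|<>|<f08b2b@example.org>|1351500000|1351501500|1351514400|1|0
GREY|203.0.113.5|mail.example.com|<>|<cc7051@example.org>|1351500000|1351501500|1351514400|1|0
GREY|203.0.113.9|mx2.example.com|<bob@example.com>|<alice@example.org>|1351500000|1351501500|1351514400|1|0
GREY|203.0.113.77|he|lo|<x@example.com>|<z9@example.org>|1|2|3|0|0
TRAPPED|198.51.100.99|1351586400
SPAMTRAP|cc7051@example.org
"""

def classify_grey(dump, suspicious=re.compile(r"\d")):
    """Return {'trap': [ips], 'review': [ips]} for GREY entries whose
    recipient is a known spamtrap or has a digit in its local part."""
    white, trapped, traps, grey = set(), set(), set(), []
    for line in dump.splitlines():
        f = line.strip().split("|")
        if f[0] == "WHITE" and len(f) >= 2:
            white.add(f[1])
        elif f[0] == "TRAPPED" and len(f) >= 2:
            trapped.add(f[1])
        elif f[0] == "SPAMTRAP" and len(f) == 2:
            traps.add(f[1].lower())
        elif f[0] == "GREY" and len(f) == 10:
            # Exactly 10 fields: a '|' in the peer-supplied HELO shifts the
            # columns, so such lines are skipped rather than misparsed.
            grey.append((f[1], f[3].strip("<>"), f[4].strip("<>").lower()))
    result = {"trap": [], "review": []}
    for ip, sender, rcpt in grey:
        local = rcpt.rpartition("@")[0]
        if rcpt not in traps and not suspicious.search(local):
            continue                      # ordinary-looking recipient
        if ip in white or ip in trapped:
            continue                      # already decided either way
        # A null envelope sender (<>) marks a bounce: likely backscatter from
        # a real server, so hold it for review instead of trapping it.
        bucket = "review" if sender == "" else "trap"
        if ip not in result[bucket]:
            result[bucket].append(ip)
    return result

if __name__ == "__main__":
    print(classify_grey(SAMPLE))
```

The "trap" list is what would then be handed to `spamdb -t -a`; the "review" list is where the legitimate servers sending bounces end up instead of being blocked.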