RW wrote:
What I was getting looked like backscatter and smelled like backscatter it is just that some of the IPs sending it didn't check out as MTAs. i.e. they were not listed MXs for the domain they came from AND the domain was not likely someone with separate outbound senders. They all retried too and when I had them as TRAPPED entries the logged data included typical failed-to-deliver messages.
'bots getting smart eh? Bugger! If that is the trend, greylisting starts to lose its value as spammers adapt to the RFCs.
Set up a pf queue of dialup speed for windows boxes connecting to port 25? Should slow them down a bit, but still let the odd legit extrange sent mail in.
