On Aug 1, 2006, at 9:53 AM, Theo Van Dinter wrote:
On Tue, Aug 01, 2006 at 09:24:55AM -0700, John D. Hardin wrote:
How many spams would really comeback. max 20%
There is a much lighter-weight and more global way to achieve that:
standard greylisting.
Well, until greylisting becomes enough of a problem that the spammers
change
their software to queue and retry, thereby eliminating the benefit
completely.
They don't really even have to "queue". They just have to retry.
I started doing a tempfail on any host that doesn't have reverse dns
(tempfail instead of hardfail in case it's a transient DNS issue). The
other day I got 2500 attempts from one such host. I'm willing to bet
they were doing something like this:
1) run through my list of recipients
a) if I get to deliver, take that recipient off the list
b) if I get a permanent failure, take that recipient off of the list
b) otherwise, keep them on the list but move on to the next recipient
2) when I get to the end of the list, go through the list again with my
smaller list of recipients that got tempfailed the first time
No queue of messages. Just retry everyone who tempfailed, over and
over again until you get past the greylist. Only, I'm not greylisting,
so I just got hit over and over again.
It's a lightweight solution to getting around greylisting. It might
need some refinement though, but I wont say here what that refinement
is.
(though, I suppose you could say that's a queue of recipients, but I
tend to think of "queue" in the email sense as a queue of messages ...
which I don't expect to ever be a successful spam strategy for zombied
PC's -- it will use too many resources, and thus be too likely to
attract the attention of the user/owner)
Luckily, I do this check early enough in the SMTP session that it
didn't really tie up much of the actual system resources. (I do it in
MIMEDefang, in filter_sender, so right after the "mail from:" stage of
the SMTP session)
