Anyone heard something about a technique called "teergrubing"? It's a German expression and means "tar hole"
The target is to keep open as long as possible a connection from an spamming server. This can be done with SMTP "-" answer codes like: help 214-This is Sendmail version 8.8.5 214-Topics: 214- HELO EHLO MAIL RCPT DATA 214- RSET NOOP QUIT HELP VRFY 214- EXPN VERB ETRN DSN 214-For more info use "HELP <topic>". 214-To report bugs in the implementation send email to 214- [EMAIL PROTECTED] 214-For local information send email to Postmaster at your site. 214 End of HELP info It's possible to keep open a connection responding any 3-5 minutes with a new "-" line and so to use a spammers tcp-connection for hours and hours with a minimum of traffic. This box should be on an ip without regular mail traffic and without mx records (for open relay scanners) or with an special mx-record for spam-trap-mailboxes like [EMAIL PROTECTED] In addition this box can collect connecting ip-adresses and provide them as a blacklist. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
