Chris Laif wrote: > This morning I observed a huge number of spam messages bypassing our > greylisting mechanism. The greylisting retry time is set to 3700s > (>1h!) and the messages are still getting through. Did anyone observe > a similiar situation? > > Chris >
We saw something similar from a long-running bot-farm attack on 12th March. 3.5 million lines written to ~/mainlog in 24 hours, so still haven't had the time to ascertain an accurate count of attempts, but on the order of 300,000 to 600,000, given what we ordinarily produce as log line-count per each. The 'fix' here was to be a bit more aggressive w/r deny/drop on dynamic IP vs defer-and-greylist. Absent analysis, I cannot say that these were bots that had been reprogrammed to wait-out greylisting, but it is the most likely probability. Never-ending conflict.... :-( Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
