On Thu, 22 Apr 2004, Chris Myers wrote: > There are groups of spam zombie systems THAT ARE COMMUNICATING > WITH EACH OTHER to retry failed deliveries. If System A fails > to deliver the message, then System B tries, and then System C > tries, and so on.
I have observed this behavior also. Some greylisted log entries, wrapped to fit and cut down a bit Apr 22 14:56:37 www sendmail[17579]: i3MIuZPl017579: from=<[EMAIL PROTECTED]>, size=435, class=0, nrcpts=1, relay=pool-141-157-217-101.ny325.east.verizon.net [141.157.217.101] Apr 22 14:57:07 www sendmail[17598]: i3MIusPl017598: from=<[EMAIL PROTECTED]>, size=429, class=0, nrcpts=1, relay=243.new-york-21rh15-16rt.ny.dial-access.att.net [12.75.158.243] Apr 22 14:57:12 www sendmail[17608]: i3MIvBPl017608: from=<[EMAIL PROTECTED]>, size=425, class=0, nrcpts=1, relay=CPE00400556f177-CM0080378682ba.cpe.net.cable.rogers.com [69.194.234.155] It's pretty clear to me that all of those boxes (cable modem and dial-up or DSL) are coordinating delivery attempts. Luckily, greylisting is *very* effective, because the sender and IP address are both changing. Regards, David. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
