* Kurt Mosiejczuk (kurt-openbsd-m...@se.rit.edu) wrote: > Jan Stary wrote: > > >Strangely, the only occurence of 2.139.201.210 in the last month's > >maillog is just this; that's half an hour after it got WHITE. > >What happend at Mon Oct 29 14:49:24 CET 2012 that made it WHITE? > > >Anyway, it seems (some) spambots got less demented and actually do > >resend, getting themselves whitelisted - thus working themselves > >around the whole premise of greylisting. > > >Are people seeing something similar? > > I'm seeing it. I recently tweaked my greyscanner settings to pick > up some spammers getting through who shouldn't (they were staying > just under the threshold for further scrutiny). But I've still been > getting a couple a day, and they only just got themselves > whitelisted. So, you are not alone... > > --Kurt >
Hi, I see it too. I also use greyscanner to catch spammers and I see a lot of spam to <random numbers and letters>@mydomains. So I trap all hosts sending to addresses with numbers in them (as I don't have any legit accounts with numbers). This catches almost all spam. But I also see some backscatter from legit mail servers sending delivery failure notifications to mails where my domains was used as sender. This then resulting in me blocking these legit servers in case they were not already whitelisted (not good..). Strangely enough it seems like I also get delivery failure notifications from nodes on e.g. xDSL networks, not sure if its 'real' mail servers or bot nodes, some of these retries delivery according to RFC. Needs looking into.. /Joakim