On Wed, 26 Sep 2007, Liviu Daia wrote:
>On 26 September 2007, Craig Skinner <[EMAIL PROTECTED]> wrote:
>> Liviu Daia wrote:
>> >
>> > How does spamd distinguish between a legitimate retry and a
>> > re-injection of the same message with the same Message-Id, sender
>> > etc.?
>>
>> It doesn't.
>>
>> Just what you described would probably be within the default 25 mins
>> grey period.
>
> Why should it? The second copy is sent in a separate run, that's
>the whole point. The only thing the bot has to figure out is how long
>to wait until the second run. A smart one would send a second copy
>after 10 minutes, and a third one after, say, 35 minutes.
>
>> Another delivery attempt would be needed after this time to pass
>> spamd.
>
> Moral: randomize the greylisting time...
Or take advantage of the (by default) 25 minute window to use other
means to detect that this address is sending spam. Perhaps spamd should
be extended to look for excessive attempts to send messages from an
address during that period? (How often do spammers' lists contain only
one or two addresses from a domain?)
Dave
--
Dave Anderson
<[EMAIL PROTECTED]>
