David Sánchez Martín wrote:
Why 53 seconds? Because when you're blocked, you'll retry in 300
seconds. If greylisting was going to block any spam, it would have done
so with a 2 second delay. And my users complain when mail is delayed.
A real MTA will retry in, at least, 300 sec.
A bot will retry as soon as possible, if ever, because its time is valuable.
In two hours a bot could easily fall in a blacklist.
What you say was true 2 years ago. Today spammers will retry again (thus
negating greylisting) in 30 minutes. They no longer care about being
shut down in 2 hours since by the time they get disconnected they've
already compromised 5 other servers and are using them as well. A "real"
MTA may retry again in as little as 60 seconds. I've seen Yahoo (and
Hotmail and AOL) try using one SMTP gateway and if greylisted then try
on another within 5 seconds. I've also seen this behavior in numerous
Postfix and Exim servers. ESPECIALLY if you have more than 1 MX record
set up (which would be correct), but on domains that list only 1 server
as well.
What you were saying USED to be true, but spam has evolved. They even
set up rDNS these days. Heck, having an inside source, some even go as
far as to get on AOL's whitelist, which takes about 5 days.
They know that due to litigation/compensation that they usually don't
get onto a blacklist for 24 hours, if even then. I've reported spammers
to Spamhaus, Spamcop, Pyzor, etc. and have observed that it usually
takes almost 24 hours (depending on the number of people reporting) to
make it to the blacklist.
I see spam from servers hitting the QMT server daily - I report them,
and it continues for days.
Now your experiences may be different. I run 20-30 mail servers of
various flavors (Qmail, Postfix) with 10,000+ users. This is what I have
observed over the last 5 years. You asked for opinions, and this is mine.
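
The retry timings argued over in this thread, run through a minimal greylist as an added example (not part of the original posts, and not code from any MTA or greylisting package). The `Greylist` class, the retry schedules, the addresses and the `/24` keying option are all constructed assumptions for illustration.

```python
import ipaddress

class Greylist:
    """Defer the first sight of an (ip, sender, rcpt) triplet; accept a retry
    that arrives at least min_delay seconds after that first sight."""
    def __init__(self, min_delay, key_on_network=False):
        self.min_delay = min_delay
        self.key_on_network = key_on_network  # assumption: key on the /24, not the host
        self.first_seen = {}

    def check(self, now, ip, sender, rcpt):
        if self.key_on_network:
            ip = str(ipaddress.ip_network(ip + "/24", strict=False))
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.min_delay else "defer"

def deliver(greylist, attempts, sender="a@example.org", rcpt="b@example.net"):
    """Return the time (seconds) of the first accepted attempt, or None."""
    for t, ip in attempts:
        if greylist.check(t, ip, sender, rcpt) == "accept":
            return t
    return None

# Constructed retry schedules as (seconds since first attempt, source IP).
REAL_MTA = [(0, "192.0.2.50"), (300, "192.0.2.50")]           # retries after 300 s
RETRYING_SPAMMER = [(0, "198.51.100.7"), (1800, "198.51.100.7")]  # retries after 30 min
ONE_SHOT_BOT = [(0, "203.0.113.9")]                            # never retries
MULTI_GATEWAY = [(0, "192.0.2.10"), (5, "192.0.2.11"),         # rotates outbound hosts
                 (60, "192.0.2.12"), (300, "192.0.2.13"), (900, "192.0.2.10")]

if __name__ == "__main__":
    schedules = {"real MTA": REAL_MTA, "retrying spammer": RETRYING_SPAMMER,
                 "one-shot bot": ONE_SHOT_BOT, "multi-gateway": MULTI_GATEWAY}
    for delay in (53, 300):
        for name, attempts in schedules.items():
            per_ip = deliver(Greylist(delay), attempts)
            per_net = deliver(Greylist(delay, key_on_network=True), attempts)
            print(f"delay={delay:>3}s {name:<17} per-IP={per_ip} per-/24={per_net}")
```

A sender that retries after 30 minutes is accepted at the same moment under either delay, the one-shot bot is rejected under both, and the rotating gateways are held until one source address repeats unless the key is widened to the network.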