From: "Giampaolo Tomassoni" <[EMAIL PROTECTED]>
Da: Marc Perkel [mailto:[EMAIL PROTECTED]
What I do is sort of partial greylisting. If a connection is suspicious
I give them a temp error on my lowest MX but accept them on higher MX
records. So that way most MTA will try a higher MX right away and it
doesn't add much of a delay.
Well, it's nice. But expect bots to circumvent this within few months: it's
easy.
Greylisting works on the assumption that no spammer would waste its precious time by
attempting a second time to an smtp server, but they could attempt to a site's higher MXes
soon after they get a 4xx from the lowest one...
You know: they have to do their dirty work within minutes, or their efforts will be voided
by reporting agents and the like (razor, pyzor, dcc, ecc...) or sometimes by the
connection provider itself.
<< If I were running a greylist instead of using fetchmail here I'd
definitely want to gen up a tool that notices source IPs and at the
third message from a source IP in 10 seconds engage the grey list
response. Ditto for same message subject CRC32 hash or the like. (And
if the first few are spam report it to one of the "instant response"
BLs to reward the spammer with some instant recognition to boost his
ego. {^_-})
{^_^}
