Jump to content

greylisting


Recommended Posts

A couple of you have been saying there are issues with greylisting. We have been over the code several times and checked the inbound servers and do not see the problem.

In order to try to see what is going on, I would like to ask djporter and petzl (and anyone else who uses greylisting and who thinks there has been a change in the last several weeks) to do the following:

1. Set up a new folder in your account

2. Move several *current* spams into that folder. The spams should be from the last 24 hours. Eyeball the headers to make sure the spams aren't being sent through ISP/ESP smarthosts. We do not need a ton of samples from each person - 4-6 should be sufficient. If we need more we'll let you know.

3. Write to support[at]cesmail.net with the subject line: Greylisting/spam samples and *make sure* to include your CESmail email address and the name of the folder.

Please do *not* send the spam itself to the ticketing address and do not paste it into your ticket and do not include old spam in your folder. If you have not been using greylisting and/or have not noticed a large uptick in spam in your Held Mail that you feel would have *not* been received due to greylisting, please do not open a ticket.

Thanks for taking the extra time to do this.

Link to comment
Share on other sites

  • 2 weeks later...

I received the following email reply today from "Spamcop Support". Since this thread was not updated by "email_supported", I will do so:

========================================================================

Hi Don -- we do not see an issue with greylisting. It is easy for spammers to resend from the same IP after the 30/40 min interval and have their mail accepted, as well as sending through smmarthosts at large ISPs which are also not blocked. Greylisting, which was useful when it was first enabled years ago was useful because spammers had many fewer infected end user machines and the spammers would send massive amounts of spam through the machines they controlled. That also brought them to the attention of ISPs who did do some primitive forms or outbound spam control and volume control. As anti-spam measures became more sophisticated, the spammers also adapted. They never used to spam thru infected users' smarthosts, they now do that. They have available huge botnets and do not need to flood spam through a smaller number of IPs. Greylisting is a fairly primitive method of spam control and is easily defeated by simply resending 30-40-60 minutes later.

Link to comment
Share on other sites

I received the following email reply today from "Spamcop Support". Since this thread was not updated by "email_supported", I will do so:

After mine magically was "fixed" the Greylist started rejecting the 1000's of direct to MX botnet spam

https://dl.dropboxusercontent.com/u/50667687/GREYLIST.png

Before Greylisting went wrong the rejected entries was much like now

https://dl.dropboxusercontent.com/u/50667687/GREYLISTnow.png

So as I have said Greylisting gives spammer a hernia it slows them down

Still getting one spammer bypassing Greylisting but only 3 a day

Don't believe spammer is "resending" nor using a “smart hostâ€

IMO, I think their malware is fooling Greylisting to immediately receive botnet spam?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...