email_support Posted August 27, 2013 Share Posted August 27, 2013 A couple of you have been saying there are issues with greylisting. We have been over the code several times and checked the inbound servers and do not see the problem. In order to try to see what is going on, I would like to ask djporter and petzl (and anyone else who uses greylisting and who thinks there has been a change in the last several weeks) to do the following: 1. Set up a new folder in your account 2. Move several *current* spams into that folder. The spams should be from the last 24 hours. Eyeball the headers to make sure the spams aren't being sent through ISP/ESP smarthosts. We do not need a ton of samples from each person - 4-6 should be sufficient. If we need more we'll let you know. 3. Write to support[at]cesmail.net with the subject line: Greylisting/spam samples and *make sure* to include your CESmail email address and the name of the folder. Please do *not* send the spam itself to the ticketing address and do not paste it into your ticket and do not include old spam in your folder. If you have not been using greylisting and/or have not noticed a large uptick in spam in your Held Mail that you feel would have *not* been received due to greylisting, please do not open a ticket. Thanks for taking the extra time to do this. Link to comment Share on other sites More sharing options...
djporter Posted August 28, 2013 Share Posted August 28, 2013 In order to try to see what is going on, I would like to ask djporter and petzl (and anyone else who uses greylisting and who thinks there has been a change in the last several weeks) to do the following: Done. Please keep us posted. Link to comment Share on other sites More sharing options...
djporter Posted September 9, 2013 Share Posted September 9, 2013 I received the following email reply today from "Spamcop Support". Since this thread was not updated by "email_supported", I will do so: ======================================================================== Hi Don -- we do not see an issue with greylisting. It is easy for spammers to resend from the same IP after the 30/40 min interval and have their mail accepted, as well as sending through smmarthosts at large ISPs which are also not blocked. Greylisting, which was useful when it was first enabled years ago was useful because spammers had many fewer infected end user machines and the spammers would send massive amounts of spam through the machines they controlled. That also brought them to the attention of ISPs who did do some primitive forms or outbound spam control and volume control. As anti-spam measures became more sophisticated, the spammers also adapted. They never used to spam thru infected users' smarthosts, they now do that. They have available huge botnets and do not need to flood spam through a smaller number of IPs. Greylisting is a fairly primitive method of spam control and is easily defeated by simply resending 30-40-60 minutes later. Link to comment Share on other sites More sharing options...
petzl Posted September 10, 2013 Share Posted September 10, 2013 I received the following email reply today from "Spamcop Support". Since this thread was not updated by "email_supported", I will do so: After mine magically was "fixed" the Greylist started rejecting the 1000's of direct to MX botnet spam https://dl.dropboxusercontent.com/u/50667687/GREYLIST.png Before Greylisting went wrong the rejected entries was much like now https://dl.dropboxusercontent.com/u/50667687/GREYLISTnow.png So as I have said Greylisting gives spammer a hernia it slows them down Still getting one spammer bypassing Greylisting but only 3 a day Don't believe spammer is "resending" nor using a “smart host†IMO, I think their malware is fooling Greylisting to immediately receive botnet spam? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.