On 2004-09-13 12:27:26 -0400, Richard Rognlie wrote:
On Mon, Sep 13, 2004 at 05:48:34PM +0200, Peter J. Holzer wrote:
On 2004-09-13 17:14:37 +0200, Markus Stumpf wrote:
On Fri, Sep 10, 2004 at 07:44:11PM -0400, Seth Breidbart wrote:
The idea is that the spamtrap addresses will cause blacklisting before
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
the domain can green off the greylist.
At which point do greylist implementations make the entry for a
triple?
How about a
MAIL FROM
RCPT TO
RCPT TO
RCPT TO
RCPT TO
RCPT TO
[ ... ]
RSET
and come back 30 minutes later.
Such a pattern could be a reason to blacklist the sender, too.
If you are greylisting, it's that pattern that well behaved MTAs will
use.
I seem to have been quite confused when I was writing that, sorry.
What I was thinking of was that the RSET would be sent even though some
addresses (e.g., the the spamtrap mentioned by Seth) would return a 250
reply to avoid triggering the spamtrap before the greylist period runs
out.
That could be detected (although there is a certain probability of false
positives), but that isn't necessary. Much better to trigger the
spamtrap when receiving the RCPT TO address than waiting for the DATA
command.
hp
--
_ | Peter J. Holzer | Je höher der Norden, desto weniger wird
|_|_) | Sysadmin WSR | überhaupt gesprochen, also auch kein Dialekt.
| | | hjp(_at_)hjp(_dot_)at | Hallig Gröde ist fast gänzlich
dialektfrei.
__/ | http://www.hjp.at/ | -- Hannes Petersen in desd
pgpupivxhBG12.pgp
Description: PGP signature
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg