Message-ID: <4580A827.7080200@nersc.gov>
Date: Wed, 13 Dec 2006 17:25:59 -0800
From: Thomas Davis <tdavis@nersc.gov>
User-Agent: Thunderbird 1.5.0.8 (X11/20061107)
MIME-Version: 1.0
To: Dumitru Ciobarcianu <Dumitru.Ciobarcianu@ines.ro>
CC: Matti Aarnio <matti.aarnio@zmailer.org>, linux-kernel@vger.kernel.org
Subject: Re: Postgrey experiment at VGER
References: <20061212235056.GP10054@mea-ext.zmailer.org> <1166001902.15211.4.camel@DustPuppy.LNX.RO>
In-Reply-To: <1166001902.15211.4.camel@DustPuppy.LNX.RO>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1266
Lines: 29

Dumitru Ciobarcianu wrote:
> On Wed, 2006-12-13 at 01:50 +0200, Matti Aarnio wrote:
>> I do already see spammers smart enough to retry addresses from
>> the zombie machine, but that share is now below 10% of all emails.
>> My prediction for next 200 days is that most spammers get the clue,
>> but it gives us perhaps 3 months of less leaked junk.
> 
> IMHO this is only an step in an "arms race".
> What you will do in three months, remove this check because it will
> prove useless since the spammers will also retry ? If yes, why install
> it in the first place ? 
> 
> 

spammers are already re-trying; but they give up after 10 minutes. 
As the delay time increases, the chances of getting on a blacklist 
increase, which makes it easier to identify a machine as a spamming bot.

I normally let my greyfilters run at 30 minutes deny, and 72hrs of 
lease time on a IP/To/From tuplet.  This setting seams to be pretty 
effective in dropping spam; at one point, upto 10k spam vs. a couple 
hundred ham messages.

thomsa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/