[Mimedefang] Repeated attempts with different sender and IP when greylisting
Mike Grau
m.grau at kcc.state.ks.us
Fri Feb 17 10:14:27 EST 2006
Hello.
I recently started using greylisting within Mimedefang on our relays.
When TEMPFAIL'ed a spammer resends the same piece of mail every few
seconds using a different IP and sender address. This continues until a
permanent error is sent (User unknown). How do others deal with this
tactic? See example below.
Feb 16 15:41:15 a043194 mimedefang.pl[23365]: TEMPFAIL 125.245.81.146
<user at my.domain.com> <rnedal at goflygroup.com>
Feb 16 15:41:15 a043194 sendmail[24281]: k1GLf1ei024281: Milter:
to=<user at my.domain.com>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:41:48 a043147 mimedefang.pl[19961]: TEMPFAIL 201.6.165.230
<vince at giudittateresa.com> <user at my.domain.com>
Feb 16 15:41:48 a043147 sendmail[20302]: k1GLfeQ0020302: Milter:
to=<user at my.domain.com>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:41:51 a043194 mimedefang.pl[23365]: TEMPFAIL 125.242.199.18
<user at my.domain.com> <oetiker at gorsk.net>
Feb 16 15:41:51 a043194 sendmail[24310]: k1GLfiPb024310: Milter:
to=<user at my.domain.com>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:42:11 a043194 mimedefang.pl[23383]: TEMPFAIL 200.216.24.6
<user at my.domain.com> <Ssiddiqi at gogginbuckley.com>
Feb 16 15:42:11 a043194 sendmail[24323]: k1GLg14t024323: Milter:
to=<user at my.domain.com>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 15:42:53 a043194 mimedefang.pl[23383]: TEMPFAIL 125.250.29.242
<user at my.domain.com> <xiphmont at graphite-eng.com>
Feb 16 15:42:53 a043194 sendmail[24354]: k1GLgkCb024354: Milter:
to=<user at my.domain.com>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
.
many many more ...
.
Feb 16 16:35:06 a043194 mimedefang.pl[24387]: TEMPFAIL 69.88.142.140
<user at my.domain.com> <imai at goldleafgallery.com>
Feb 16 16:35:06 a043194 sendmail[25719]: k1GMZ0i3025719: Milter:
to=<user at my.domain.com>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 16:36:13 a043194 mimedefang.pl[24387]: TEMPFAIL 82.129.131.3
<user at my.domain.com> <iranitev at greenculture.com>
Feb 16 16:36:13 a043194 sendmail[25754]: k1GMZwq4025754: Milter:
to=<user at my.domain.com>, reject=451 4.3.0 Greylisted for 30 minutes and
0 seconds.
Feb 16 16:38:05 a043194 sendmail[25824]: k1GMbwih025824:
ruleset=check_rcpt, arg1=<user at my.domain.com>, relay=[125.241.33.67],
reject=550 5.1.1 <user at my.domain.com>... User unknown
More information about the MIMEDefang
mailing list