[Mimedefang] On being a better spammer

Philip Prindeville philipp_subx at redfish-solutions.com
Thu Oct 26 15:49:57 EDT 2006 

Here's a clue to all of those spammers that regularly read this list
to figure out how to better defeat our counter-measures:  Try to
operate under the radar.

I'm looking at the logs below, and frankly, if someone does a single
connect to my site and we reject his connection, it gets logged, but
typically not acted on.

If someone, on the other hand, connects, fails, and then retries
15 more times figuring that "if at first you don't succeed, try,
try again" (usually doesn't work in deterministic systems...
you're pretty much guaranteed that the first failure will be
consistently repeated)...  Well, you're just going to fill up my
logs and piss me off.

So take your cue from the first rejection and go away.  If you
try back again -- especially within the next few seconds -- you're
going to bring out the Darwinian wrath in me, and I will take it
up with your ISP (and if they don't act, with your ISP's IXC, so
that they apply pressure... which is usually highly effective).

Oct 26 09:41:22 mail mimedefang.pl[23049]: relay: reject country pl (83.23.100.12)
Oct 26 09:41:22 mail mimedefang.pl[23049]: filter_relay rejected host 83.23.100.12 (ddw12.neoplus.adsl.tpnet.pl)
Oct 26 09:41:22 mail sendmail[23971]: k9QFfMNQ023971: Milter: connect: host=ddw12.neoplus.adsl.tpnet.pl, addr=83.23.100.12, rejecting commands
Oct 26 09:41:22 mail sendmail[23973]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:23 mail sendmail[23974]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:24 mail sendmail[23975]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:24 mail sendmail[23976]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:25 mail sendmail[23977]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:26 mail sendmail[23978]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:27 mail sendmail[23979]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:27 mail sendmail[23980]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:28 mail sendmail[23981]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:29 mail sendmail[23982]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:30 mail sendmail[23983]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:30 mail sendmail[23984]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:31 mail sendmail[23985]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.
Oct 26 09:41:32 mail sendmail[23986]: ruleset=check_relay, arg1=ddw12.neoplus.adsl.tpnet.pl, arg2=83.23.100.12, relay=ddw12.neoplus.adsl.tpnet.pl [83.23.100.12], reject=421 4.3.2 Connection rate limit exceeded.

More information about the MIMEDefang mailing list