Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] [OT] greylisting bypassed by spam
Chris Laif wrote:
> This morning I observed a huge number of spam messages bypassing our
> greylisting mechanism. The greylisting retry time is set to 3700s
> (>1h!) and the messages are still getting through. Did anyone observe
> a similar situation?
>
> Chris
>
We saw something similar from a long-running bot-farm attack on 12th March.
3.5 million lines written to ~/mainlog in 24 hours, so still haven't had the
time to ascertain an accurate count of attempts, but on the order of 300,000 to
600,000, given what we ordinarily produce as log line-count per each.

The 'fix' here was to be a bit more aggressive w/r deny/drop on dynamic IP vs
defer-and-greylist.

Absent analysis, I cannot say that these were bots that had been reprogrammed to
wait-out greylisting, but it is the most likely probability.
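
An added example, not part of the original post and not Exim's own code: one way to run the missing log analysis, listing which (IP, sender) pairs were greylisted and later accepted after at least the 3700s retry time. The log lines are constructed samples in Exim mainlog layout, the "greylisted" reject text is an assumption about the local ACL message, and `analyse` is a hypothetical helper name.

```python
import re
from datetime import datetime

GREYLIST_DELAY = 3700  # seconds, the retry time quoted in the thread

# Constructed sample lines (dates, hosts and addresses are made up). The
# "greylisted" text is assumed; use whatever message your defer ACL sets.
SAMPLE_LOG = """\
2008-03-12 08:00:01 H=(pc1) [192.0.2.10] F=<a@example.net> temporarily rejected RCPT <u@example.org>: greylisted
2008-03-12 08:05:00 H=(pc1) [192.0.2.10] F=<a@example.net> temporarily rejected RCPT <u@example.org>: greylisted
2008-03-12 08:10:00 H=mx.example.com [198.51.100.7] F=<b@example.com> temporarily rejected RCPT <u@example.org>: greylisted
2008-03-12 08:30:00 H=(pc2) [203.0.113.5] F=<c@example.net> temporarily rejected RCPT <u@example.org>: greylisted
2008-03-12 08:40:00 1JZbbb-0002Ef-GH <= d@example.net H=relay.example.net [198.51.100.9] P=esmtp S=900
2008-03-12 09:02:10 1JZaaa-0001Ab-CD <= a@example.net H=(pc1) [192.0.2.10] P=smtp S=2048
2008-03-12 09:15:00 1JZccc-0003Ij-KL <= b@example.com H=mx.example.com [198.51.100.7] P=esmtp S=4096
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
DEFER = re.compile(TS + r" H=.*?\[([0-9a-fA-F.:]+)\].*? F=<([^>]*)>"
                        r" temporarily rejected RCPT .*greylisted")
ACCEPT = re.compile(TS + r" \S+ <= (\S+) H=.*?\[([0-9a-fA-F.:]+)\]")

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def analyse(log_text, delay=GREYLIST_DELAY):
    first_defer = {}  # (ip, sender) -> time of first greylist defer
    defers = {}       # (ip, sender) -> number of deferred attempts
    passed = []       # (ip, sender, seconds waited, deferred attempts)
    for line in log_text.splitlines():
        m = DEFER.match(line)
        if m:
            key = (m.group(2), m.group(3))
            first_defer.setdefault(key, parse(m.group(1)))
            defers[key] = defers.get(key, 0) + 1
            continue
        m = ACCEPT.match(line)
        if m:
            key = (m.group(3), m.group(2).strip("<>"))  # "<>" is a bounce
            if key in first_defer:
                gap = parse(m.group(1)) - first_defer.pop(key)
                passed.append(key + (int(gap.total_seconds()), defers[key]))
    return {"deferred_pairs": len(defers),
            "never_returned": len(first_defer),
            "waited_out": [p for p in passed if p[2] >= delay]}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The result only shows who came back after the delay; a well-behaved MTA retries too, so the listed IPs still need a separate check (for example against the dynamic-IP criteria used for deny/drop) before drawing conclusions.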