[nzlug] (OT) Sorbs etc, was Exim: Limiting outgoing connections
on Debian
Simon Lyall
simon at darkmere.gen.nz
Wed Oct 11 14:50:03 NZDT 2006
On Wed, 11 Oct 2006, Robin Sheat wrote:
> On Wednesday 11 October 2006 09:16, Cliff Pratt wrote:
> > Except that these days they use zombies and owned machines. Greylisters
> > in general don't use blacklists and hence are open to attack by zombies
> > and owned machines.
> No they're not. That's what I mean by a bot. Bots don't tend to retry because
> they're pushing through heaps of mail and it would just slow them down.
The individual bots are not sending a huge amount of email, they are all
home machines remember so don't use a lot of bandwidth or resources. There
are millions of infected machines out there, they only need to send a few
thousand emails per day each.
If greylisting becomes common enough for the Spammers to determine it is
worth trying to beat then they will just adjust their software to retry
after 15 minutes if it gets a 4xx error message.
Spammers are out to make money and are quite prepared to spend half an
hour implimenting a retry function in the bot code if this will improve
their hit rate. They already tweak their code to get past spamassassin
filters and AOL's filters.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
More information about the NZLUG
mailing list