It would appear that some 3-4 hours of spam was cluelessly sent with a fake from address aimed at me, but this time there was no grief with it, unlike the last big one. This attack was about half the size of the awesome flood a year ago.
So this gave me an excellent opportunity to test out many mail servers sending me ‘ham’ via the greylist service (set to accept after 40 seconds). So here is a small random selection:
X-Greylist: delayed 1107 seconds (postfix)
X-Greylist: delayed 95 seconds (sendmail)
X-Greylist: delayed 169 seconds (sendmail)
X-Greylist: delayed 1295 seconds (postfix)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 1208 seconds (nplex)
X-Greylist: delayed 1307 seconds (postfix)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 400 seconds (qmail – hmmm a pattern)
X-Greylist: delayed 318 seconds (sendmail)
X-Greylist: delayed 63 seconds (microsoft)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 62 seconds (unknown – suspect MS p0f gave “Windows 2000 SP4, XP SP1”)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 64 seconds (microsoft)
X-Greylist: delayed 840 seconds (sendmail)
X-Greylist: delayed 65 seconds (microsoft)
X-Greylist: delayed 2353 seconds (postfix)
X-Greylist: delayed 970 seconds (symantec)
X-Greylist: delayed 2616 seconds (sendmail)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 162 seconds (unknown – Linux)
X-Greylist: delayed 917 seconds (sendmail)
X-Greylist: delayed 64 seconds (microsoft)
X-Greylist: delayed 399 seconds (qmail)
X-Greylist: delayed 363 seconds (postfix)
X-Greylist: delayed 69 seconds (microsoft)
X-Greylist: delayed 69 seconds (microsoft)
X-Greylist: delayed 915 seconds (MS IMS)
X-Greylist: delayed 395 seconds (qmail)
X-Greylist: delayed 445 seconds (sendmail)
So a revisit time of 580-620 seconds might be worth a SpamAssassin point or two.
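The clustering visible in the list above, tallied per MTA, as an added example that is not part of the original post: it parses a subset of those X-Greylist lines and flags senders whose retries fall within a narrow band. The function names and the 10-second `tight_spread` threshold are assumptions made for the illustration.

```python
import re
import statistics
from collections import defaultdict

# A subset of the X-Greylist lines listed above (delay, then the post's MTA note).
SAMPLE = """\
X-Greylist: delayed 1107 seconds (postfix)
X-Greylist: delayed 95 seconds (sendmail)
X-Greylist: delayed 400 seconds (qmail)
X-Greylist: delayed 63 seconds (microsoft)
X-Greylist: delayed 400 seconds (qmail – hmmm a pattern)
X-Greylist: delayed 2353 seconds (postfix)
X-Greylist: delayed 64 seconds (microsoft)
X-Greylist: delayed 399 seconds (qmail)
X-Greylist: delayed 69 seconds (microsoft)
X-Greylist: delayed 840 seconds (sendmail)
X-Greylist: delayed 395 seconds (qmail)
"""

LINE_RE = re.compile(r"^X-Greylist: delayed (\d+) seconds? \(([^)]*)\)\s*$")

def parse(text):
    """Yield (mta, delay_seconds) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Keep only the first word of the note: "qmail – hmmm a pattern" -> "qmail".
        words = m.group(2).split()
        mta = words[0].lower() if words else "unknown"
        yield mta, int(m.group(1))

def retry_profile(text, tight_spread=10):
    """Per MTA: count, median delay, spread (max - min), and whether retries cluster."""
    by_mta = defaultdict(list)
    for mta, delay in parse(text):
        by_mta[mta].append(delay)
    profile = {}
    for mta, delays in by_mta.items():
        spread = max(delays) - min(delays)
        # tight_spread is an assumed threshold; require 3+ samples before calling it fixed.
        fixed = len(delays) >= 3 and spread <= tight_spread
        profile[mta] = {"n": len(delays), "median": statistics.median(delays),
                        "spread": spread, "fixed_interval": fixed}
    return profile

if __name__ == "__main__":
    for mta, p in sorted(retry_profile(SAMPLE).items()):
        print(f"{mta:10} n={p['n']} median={p['median']}s spread={p['spread']}s fixed={p['fixed_interval']}")
```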
One observation that also caught my eye is that Yahoo are sending a lot of user-unknown messages out of the SMTP session. Yahoo are whitelisted on postgrey and hence have no greylist header added (though I wish it would, with the reasoning), so I caught a lot of their blow-back for user unknown errors. That's just wrong, Y! guys!

