Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Distributed spam honeypots again?

2006-04-04 by manu@netbsd.org

<attila.bruncsak@...> wrote:

> Anyhow, the spamware retries now in double time (~10m20s).
> I think nothing really to do. We expected this to happen.
> It just costs a bit more to send the spam.

We have an old counter measure that we now have to deploy: distributed
honeypots. That will catch botnet members between resends. I wrote some
software to do that some time ago, and I guess it's time to work on it
again.

But there is a problem: spammers will probably use ISP regular SMTP
servers as relays so that they get blacklisted by the distributed
honeypot network, thus making the counter measure useless. So we have to
invent a way of finding that a host is a regular SMTP server that should
not be blacklisted.

I thought about using some scoring scheme. Each time you accept a mail
from an IP, raise the karma of the IP. If the IP is caught by a
honeypot, lower its karma. But the idea is not fully mature. 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
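
The karma idea from the message above, as an added sketch that is not part of the original post or of milter-greylist's code. The gain, penalty, cap and threshold values, the event names and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed tuning values; the original message specifies none of them.
ACCEPT_GAIN = 1        # karma gained for each accepted mail
HONEYPOT_PENALTY = 10  # karma lost for each honeypot hit
KARMA_CAP = 100        # ceiling, so a long history cannot absorb unlimited hits
BLACKLIST_BELOW = 0    # an IP is blacklisted once its karma drops below this


class KarmaTable:
    """Per-IP score: raised on accepted mail, lowered on honeypot hits."""

    def __init__(self):
        self.karma = defaultdict(int)

    def mail_accepted(self, ip):
        self.karma[ip] = min(KARMA_CAP, self.karma[ip] + ACCEPT_GAIN)

    def honeypot_hit(self, ip):
        self.karma[ip] -= HONEYPOT_PENALTY

    def is_blacklisted(self, ip):
        # .get() avoids creating entries for IPs that were never seen.
        return self.karma.get(ip, 0) < BLACKLIST_BELOW


def replay(events):
    """Apply a sequence of (kind, ip) events and return the resulting table."""
    table = KarmaTable()
    for kind, ip in events:
        if kind == "accept":
            table.mail_accepted(ip)
        elif kind == "honeypot":
            table.honeypot_hit(ip)
        else:
            raise ValueError("unknown event kind: %r" % kind)
    return table


# Constructed sample data (documentation address ranges, not real hosts).
ISP_RELAY = "192.0.2.25"   # regular SMTP server with a delivery history
BOT = "198.51.100.7"       # host first seen when it hits a honeypot
SAMPLE_EVENTS = ([("accept", ISP_RELAY)] * 40
                 + [("honeypot", ISP_RELAY)] * 2
                 + [("honeypot", BOT)])

if __name__ == "__main__":
    table = replay(SAMPLE_EVENTS)
    for ip in (ISP_RELAY, BOT):
        state = "blacklisted" if table.is_blacklisted(ip) else "ok"
        print(ip, table.karma[ip], state)
```

With these assumed values, a relay's accumulated karma absorbs a few honeypot hits, while a host with no history is blacklisted on its first hit; the cap bounds how much abuse any history can cover.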
