Jacques Beigbeder <jacques.beigbeder@...> wrote:

> For virus, I know they can retry:
> May 19 19:28:18 nef milter-greylist: i4JHSIl0089807: addr 217.174.203.201 from <> to <Webmaster@...> delayed for 00:58:00
> May 19 19:34:59 nef milter-greylist: i4JHYxuG093055: addr 217.174.203.201 from <> to <Webmaster@...> delayed for 00:51:19
> May 19 19:54:59 nef milter-greylist: i4JHsxmT003327: addr 217.174.203.201 from <> to <Webmaster@...> delayed for 00:31:19
> May 19 20:28:20 nef milter-greylist: i4JISIFi019762: addr 217.174.203.201 from <> rcpt <Webmaster@...>: autowhitelisted for 720:00:00
> This is W32/Sober.g@MM.

I'm pretty convinced it's a real mail server that relayed the virus. I suspect it just accepted the virus from its internal domain and propagates it outside. 217.174.203.201 even responds on port 25.

AFAIK real viruses do not handle retries yet. But you should consider virus filtering before greylisting. I'm not surprised your greylist database grew so big if you greylist viruses.

-- 
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand binary and those who do not.
manu@...
Re: [milter-greylist] is this a DoS?
2004-05-26 by manu@netbsd.org
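
An added example, not part of the original message or of milter-greylist: a small Python parser for the log format quoted above that groups entries by greylist tuple and checks whether a client kept retrying until its delay expired, which is the behaviour that points to a real relaying mail server. The year 2004, the function names and the regular expression are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines as quoted in the message above; the recipient address stays elided
# as on the page, and the year (absent from syslog timestamps) is assumed.
SAMPLE_LOG = """\
May 19 19:28:18 nef milter-greylist: i4JHSIl0089807: addr 217.174.203.201 from <> to <Webmaster@...> delayed for 00:58:00
May 19 19:34:59 nef milter-greylist: i4JHYxuG093055: addr 217.174.203.201 from <> to <Webmaster@...> delayed for 00:51:19
May 19 19:54:59 nef milter-greylist: i4JHsxmT003327: addr 217.174.203.201 from <> to <Webmaster@...> delayed for 00:31:19
May 19 20:28:20 nef milter-greylist: i4JISIFi019762: addr 217.174.203.201 from <> rcpt <Webmaster@...>: autowhitelisted for 720:00:00
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ milter-greylist: \S+: "
    r"addr (?P<addr>\S+) from (?P<sender><[^>]*>) (?:to|rcpt) (?P<rcpt><[^>]*>):? "
    r"(?P<action>delayed|autowhitelisted) for (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d)$"
)

def summarize(log_text, year=2004):
    """Group entries by greylist tuple (addr, sender, rcpt)."""
    tuples = defaultdict(lambda: {"delayed": 0, "release": set(), "passed_at": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a delayed/autowhitelisted line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        span = timedelta(hours=int(m["h"]), minutes=int(m["m"]), seconds=int(m["s"]))
        entry = tuples[(m["addr"], m["sender"], m["rcpt"])]
        if m["action"] == "delayed":
            entry["delayed"] += 1
            entry["release"].add(when + span)  # moment the greylist delay expires
        else:
            entry["passed_at"] = when  # first delivery accepted after the delay
    return dict(tuples)

def retried_through(entry):
    """True if the client was delayed, then returned after the delay expired and passed."""
    return bool(entry["delayed"] and entry["passed_at"]
                and entry["passed_at"] >= max(entry["release"]))

if __name__ == "__main__":
    for key, entry in summarize(SAMPLE_LOG).items():
        print(key, entry["delayed"], "delays, retried through:", retried_through(entry))
```

All three delayed entries resolve to the same expiry time, and the accepted delivery comes two minutes after it.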