On Wed, 26 Sep 2007, Liviu Daia wrote: > On 26 September 2007, Damien Miller <[EMAIL PROTECTED]> wrote: > > On Wed, 26 Sep 2007, Liviu Daia wrote: > > > > > Greylisting is trivial to bypass, with or without a queue: just > > > send the same messages twice. Some spammers have figured that out > > > long ago. Ever wondered why sometimes you receive 2 or 3 copies of > > > the same spam, from the same IP, with the same Message-Id etc., a > > > few minutes apart? > > > > That doesn't work, at least not against spamd. > > How does spamd distinguish between a legitimate retry and a > re-injection of the same message with the same Message-Id, sender etc.?
It can't. But spamd's default of 25 minute "passtime" should help. (Well it does help someone -- since it limits the spammer's resources.) (spamd doesn't know about Message-Id, it uses "connecting IP address, HELO/EHLO, envelope-from, and envelope-to".)
