Mailing List SIMS@mail.stalker.com Message #6154
From: Matt Simpson <msimpson@uky.edu>
Subject: Re: spamtrap ... still trying to understand
Date: Mon, 5 Jun 2000 14:05:30 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
I said ..

 > OK, thanks.  So I should assume this spammer's server was either very
 stupid or very persistent.

then At 6:46 PM +0100 6/5/00, Steve Linford said:

No, he just hadn't got to the DATA point (SIMS returns the "593" when the
spammer stops inputting RCPT TOs and issues the DATA command, at which
point a lesser MTA than SIMS would return "250")

But if that's the case, then we're assuming that all these RCPT TOs were in a single message. The only address I see in the log is <bigguy@rivendell.cc.uky.edu>  (which is a spamtrap address) .. over and over again. Does this mean that he sent a single message with that single address repeated many times (making him very persistent and/or stupid as I suggested)?  Or does it mean that on a spamtrap match, SIMS logs only the spamtrap address and not the other addresses in the message?   Maybe it's the latter, since my SMTP logging is set to "Problems". It looks like the actual recipient does get identified on a successful delivery.

If this wasn't a case of the guy being dumb/persistent and repeating the same address over and over, then it's a case of guessing/generating addresses, because I only have about 15 addresses on my server, and got a ton of spamtrap rejections.

--
Matt Simpson --  Obsolete MVS Guy
University Of Kentucky, Lexington, KY
<mailto:msimpson@uky.edu>     <http://rivendell.cc.uky.edu/>
If your not living life on the edge, your wasting space.
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster