Slightly OT: sfm-sav milter

René Berber r.berber at
Fri Dec 1 23:13:03 GMT 2006

Kevin Miller wrote:

> I just posted the following to the smf-sav list, but thought I'd give
> folks here a heads up too, since I know some are using smf-sav milter...
> ===========
> The spammers are up to their old tricks apparently.  I noticed this in
> my logs today:
> -------------------------------------------------
> Nov 30 19:06:23 mx2 smf-sav[22911]: sender check succeeded:
> <burlkevin_miller at>,,
>, [00:00:03]
> Nov 30 19:06:24 mx2 smf-sav[22911]: recipient check failed:
> <burlkevin_miller at>,,
> <burlkevin_miller at>, [00:00:00]
> -------------------------------------------------
> There are numerous entries where they use some phoney address as the
> from=, which generally fail.  I guess they figured they'd have a better
> chance of getting their spam through if they forged an address from my
> domain, but configured their server to verify it.

A variation of dictionary attacks... smarter, but it could be easily made more

SnertSoft's milter-error would stop the queries if smf-sav signal an error when
the ckeck fails (I don't use smf-sav but, for instance, gray listing a sender
does produce an error, and when the sender retries too fast too often,
milter-error kicks and black list them for a longer period).

René Berber

More information about the MailScanner mailing list