Obviously spammers try to get the biggest effect without caring for success. This is why greylisting works so great, I think.
I still get daily requests to the sendmail CGI script which is no more vulnerable and turns down all exploit requests in the first check. I rarely see a message which gets to the second check and is illegitimate. Funny, huh? Looks like the spammers are not smart enough to see there is no success anymore. If I was a spammer, I’d always include one mail address as recipient to check for my success rate and “assess” the different paths of spitting out my garbage to the world.
It has been over a week now that I patched the security hole …
// Oliver