[Gambas-user] List status (fwd)
Christopher Brian Jack
brian at ...1334...
Tue Aug 15 01:00:03 CEST 2006
On Tue, 15 Aug 2006, Ron Onstenk wrote:
> Interesting but when I look at spammail I see the same spam from different IP
> and with different From addresses.
> I do not get in general more spams from one special IP, then it looks to me
> that IP filtering does not filter optimal.
> Also the From: addresses are more unique instead the same.
> The Sender Address Verification my provider does works for many but not all.
>
> I'm happy to get not over 10 each day now. (fingers crossed)
I've seen as many as 500-2000 attempts from the same IP on bad days and
there are around 1-7 bad days per two weeks (on a REALLY bad day 2 or
more spammers will be doing this concurrently). This connection, bit of
communication (HELO/EHLO and everything up to my MTA disallowing the MAIL
command), SYN signals and DNSBL lookups all cost bandwidth.
Also the number of attacks like this is increasing so the number of "bad"
days is going up (I think sapmmers+hackers are trying to DOS the DNSBL
sites out of operation so they can push their spam anywhere and
everywhere).
Personally I find content filters a joke as well as a cat and mouse game
and there are far more spammers (fast-moving mice) out there than there
are content filter maintainers (slow bulky cats).
I am manually starting to cache DNSBL results locally and eventually will
have a script automatically blacklist any IP that turns up "hot" when the
MTA checks the DNSBL of the connected IP.
If I finally deicde it's time for ipfw I'll most likely switch the access
file for a 1-column database so I can maintain uniqueness of IP numbers
and use a boolean algebra tool like expresso to turn the mass of IP
numbers in the DB into CIDRs to make a smaller ipfw rule table.
If it takes a while (and uses too much CPU) I'll use a periodic cronjob.
If instantaneous blocking doesn't use too much CPU I'll have it fire
whenever sputnik catches a spam (or is forwarded one from a local
account).
.=================================================.
| Christopher BRIAN Jack aka "Gau of the Veldt" |
+================================================='
| oevna at ...1544...
`=================================================-
Hi Spambots, my email address is sputnik at ...1334...
Hi Humans, my email address uses rot13 cipher
More information about the User
mailing list