[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A potential way to cut down on spam.
Eugene/Alvin:
For what it's worth, I agree with Eugene. I see way more spam from what
appear to be zombies than high speed mailers.
I have implemented a customized "reactive" blocking approach and I don't
find that the remote system stops trying, even in the face of numerous
rejected delivery attempts.
Nonetheless, I get pretty good results by rejecting based on "mailbox
doesn't exist" messages in syslog. I accumulate "points" by IP address:
- messages with many recipients and many bad users get the highest points,
- messages with many recipients and two or less bad users get less points,
- messages with one recipient that's bad gets one point
Accumulate too many points over a specified period and the IP is added to
my RBL zone file. It's not perfect, but at least I'm doing something.
Speaking of which - has anyone else noticed that the spool ID isn't being
incremented when a remote server delivers multiple messages in the same
session?
All the best,
Neal Morgan
>
> A single system that sends 500,000 spam messages a day is not a problem
> at all to deal with. Most of our incoming spam is from thousands of
> infected "zombie" home PCs, each of them trying to send a mere hundred
> messages. For spammers, it won't be any problem to program those to
> make several delivery attempts.
>
> Eugene
>
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi