[NTLUG:Discuss] Be impressed/Be appalled
asenec@senechalle.net
Tue Jun 10 16:52:47 CDT 2003
Pretty much by hand--I have scripts which show me
what relays were used to send mail discarded as spam.
I think I have it set up right now to tell me if I have spam incoming
from 3 or more different addresses in one Class C, on any one
day, or if more than 15 discards are sent from any one address
on any one day. With that data in hand, I grep out the
indicated C's from the maillog, so I know exactly what I'm
putting a firewall up against. I think depending entirely
on automation could easily get you in trouble.
Consider the case of a spammer hitting all of AOL and forging one
of your addresses, so 5 zillion bounces come back to (innocent) you.
You'd want to discard those bounces, but you wouldn't necessarily want to
put a firewall up against AOL. Then there are the cases
of the spammer on a dynamic dialup--it's not going to do you much
good to put up a permanent firewall against him.
Manual construction of the firewalls is time-consuming, but
its payoff is that very few firewalls are set up against
relays from which legitimate mail originates.
Annette
> From tom-sender-5bbe11 at hisword.net Tue Jun 10 16:06:46 2003
> Date: Tue, 10 Jun 2003 15:38:20 -0500
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] Be impressed/Be appalled
> From: Tom Hoover <tom-sender-5bbe11 at hisword.net>
>
> On Tue, Jun 10, 2003 at 12:58:39PM -0500, asenec at senechalle.net wrote:
> > I've resorted to putting up firewalls against address ranges
> > from which large amounts of spam originate--I had to since
> > the never-ending, ever-growing flood of spam was about to
> > burn up our primary mailservers (incoming hubs for about 5K domains).
> > At the moment, I have firewalls up against:
> >
> > ...
> >
> > Total addresses firewalled: 19772961
> >
> > That's about 8750 fw rules--and look at the load:
>
> Just curious...did you enter all of those rules by hand, or do you have
> a script to automate things? I've just recently started doing the same
> thing, but haven't gotten around to automating it yet.
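The two daily thresholds described in this message (3 or more addresses in one Class C, or more than 15 discards from one address), as an added example that is not the poster's own scripts. It assumes constructed "date address" discard records, since the post does not show its log format, and only lists candidates for manual review; the `never_block` parameter is a hypothetical addition for networks that should not be firewalled.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: one "date source-address" record per discarded message.
# The record format is an assumption; the post does not show its log format.
SAMPLE = (
    ["2003-06-10 192.0.2.%d" % n for n in (5, 17, 44)]      # 3 addresses in one /24
    + ["2003-06-10 198.51.100.9"] * 16                       # 16 discards, one address
    + ["2003-06-10 203.0.113.7"] * 15                        # exactly 15: not flagged
    + ["2003-06-10 203.0.113.8", "2003-06-11 203.0.113.9"]   # third address is on another day
)

def candidates(records, min_addrs=3, max_discards=15, never_block=()):
    """Return (class_c_hits, address_hits), each a sorted list of (day, value)."""
    skip = [ipaddress.ip_network(n) for n in never_block]  # hypothetical allowlist
    per_addr = Counter()            # (day, address) -> number of discards
    per_block = defaultdict(set)    # (day, /24)     -> distinct source addresses
    for rec in records:
        parts = rec.split()
        if len(parts) != 2:
            continue                # malformed record
        day, raw = parts
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            continue                # not an IPv4 address
        if any(addr in net for net in skip):
            continue                # mail is still discarded, just never a firewall candidate
        block = ipaddress.ip_network(f"{addr}/24", strict=False)
        per_addr[(day, str(addr))] += 1
        per_block[(day, str(block))].add(addr)
    blocks = sorted(k for k, v in per_block.items() if len(v) >= min_addrs)
    addrs = sorted(k for k, n in per_addr.items() if n > max_discards)
    return blocks, addrs

if __name__ == "__main__":
    blocks, addrs = candidates(SAMPLE)
    for day, block in blocks:
        print(day, block, "3+ sources in one Class C: check the maillog before blocking")
    for day, addr in addrs:
        print(day, addr, "more than 15 discards: check the maillog before blocking")
```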