Re: SMTP flood + spamdb

To: patrick keshishian <pkeshish@...>
Cc: <misc@...>
Date: Tuesday, September 25, 2007 - 3:38 am

"patrick keshishian" writes:

> When you speak of "misconfigured mail servers bouncing spam",

The real question in there is, what does a properly configured mail
server do with spam? My answer is, if it gets as far as content
filtering, drop it as soon as it's classified as spam, don't bounce
it. Bouncing spam is never useful; the purported return address is
extremely unlikely to be deliverable.

A bounce is only useful for valid messages (which happen to be sent to
a mistyped address), which in our context means that the message has
passed greylisting and most likely some content filtering or other.
In all likelihood you will still bounce to a few bogus ones, but
taking this approach makes you a lot less noisy.

The noise you are seeing is from sites which either don't bother much
with filtering, or if they do, belong to that little cult of "bouncing
spam is good" believers.

> - GREY list count is 342 (and growing)

Unless your spamd box is extremely skinny, none of these figures are
particularly worrying. spamd allocates IIRC about 12 kilobytes of
buffers per tarpitted host, for greylist entries just another tuple in
the database.

My list of trap addresses, all harvested from stuff from out there, is
just over 2700. Right now there are 273 hosts in the greylist at the
gateway closest to where I'm sitting (my home net, actually), with 533
in TRAPPED state.

> This is not fun :-\

Well, it should not be a huge problem. IMO people who fake addresses
in other people's domains should be prosecuted for some variety of
fraud, but with the current level of digital competence in law
enforcement that is just not going to happen. In the meantime we have
reasonable countermeasures. See what greyscanner can do for you.

- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
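
The counts quoted in this message (greylist entries, TRAPPED hosts, spamtrap addresses) can be read straight from `spamdb` output. The script below is an added example, not part of the original message: it assumes the pipe-separated layout of spamdb(8) output (entry type in field 1, IP or address in field 2), and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise spamdb(8)-style output by entry type.
# Only field 1 (type) and field 2 (IP, or address for SPAMTRAP) are used.

KB_PER_TARPIT=12   # the message's "IIRC about 12 kilobytes" per tarpitted host

summarise_spamdb() {
    awk -F'|' -v kb="$KB_PER_TARPIT" '
        # A greylist entry is a tuple, so one host can appear several times.
        $1 == "GREY"     { grey++; if (!seen[$2]++) ghosts++; next }
        $1 == "TRAPPED"  { trapped++; next }
        $1 == "WHITE"    { white++; next }
        $1 == "SPAMTRAP" { traps++; next }
        NF               { other++ }    # unrecognised non-empty line
        END {
            # tarpit_kb_max is a ceiling: it assumes every TRAPPED host
            # is connected and being tarpitted at the same moment.
            printf "grey_tuples=%d grey_hosts=%d trapped=%d white=%d spamtraps=%d other=%d tarpit_kb_max=%d\n",
                grey, ghosts, trapped, white, traps, other, trapped * kb
        }'
}

# Constructed sample input (documentation addresses, made-up timestamps).
sample_spamdb() {
    cat <<'EOF'
WHITE|192.0.2.10|||1190600000|1190603600|1193700000|2|14
GREY|198.51.100.7|mail.example.net|<a@example.net>|<info@example.org>|1190690000|1190704400|1190704400|1|0
GREY|198.51.100.7|mail.example.net|<b@example.net>|<sales@example.org>|1190690100|1190704500|1190704500|1|0
GREY|203.0.113.25|host.example.com|<x@example.com>|<info@example.org>|1190691000|1190705400|1190705400|3|0
TRAPPED|203.0.113.99|1190780000
TRAPPED|198.51.100.200|1190781000
SPAMTRAP|nosuchuser@example.org
EOF
}

# On a spamd host this would be: spamdb | summarise_spamdb
sample_spamdb | summarise_spamdb
```

The gap between `grey_tuples` and `grey_hosts` shows how much of a growing greylist count is a few hosts retrying many recipients rather than many distinct senders.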
