Re: SMTP flood + spamdb

To: misc@openbsd.org <misc@...>
Date: Tuesday, September 25, 2007 - 7:00 am

On Tue, 25 Sep 2007 09:38:10 +0100, Craig Skinner wrote:

>Greylisting is of no use whatsoever because the servers sending the

I've snipped all the content (which I largely agree with) above and
below this paragraph to recount my experience which started about a
fortnight ago and ran for about a week.

Log analysis showed that there were two classes of incoming unwanted
crap.

One was bounced mail that should have been rejected as "invalid
recipient" mail at the original target. That included an mx at
aph.gov.au, the Australian Federal Parliament House. Yep, the pollies
who want ISPs to block websites on request and who spent $84mil on a
kiddie-filter that some 10-year-old bypassed in ten minutes.

The others were from bots as far as I could tell but they were not
being sent by MTAs which had received them.

My defence was to write a couple of scripts. One parsed the output of
spamdb looking for GREY with sender <> and then tested the intended
recipient against the postfix valid mailbox database. If it failed then
the sender IP was added to a pf table that was outright blacklisted for
24 hours. The other script did housekeeping and added sender IPs to the
TRAPPED category in case they retried later.

The blacklist grew rapidly to over 1200 unique addresses but then
petered out after a few days and I turned off the cron jobs running the
scripts at day nine.

So greylisting/spamd did a hell of a good job for me. I would not have
been able to block traffic from all those crappily configured boxes
(MTAs mostly qmail or Windows) unless I had a greylist database to scan
every few minutes.

Peter H and Beck@ know what they are doing alright and do good papers
on it.
Thanks.
R/

Me...a skeptic? I trust you have proof.
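
The first script described in the message above, sketched as an added example; it is not the poster's script, which was not included in the message. It assumes the `GREY|source IP|helo|from|to|...` line format documented in spamdb(8) and, as a stand-in for the Postfix mailbox database, a flat file of valid addresses; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Select backscatter sources from spamdb output (added example).
# spamdb(8) prints greylist tuples as:
#   GREY|source IP|helo|from|to|first|pass|expire|block|pass
# Assumption: valid mailboxes are in a flat file, one address per line.
# A real Postfix lookup table would be queried with postmap -q instead.

# backscatter_ips VALID_FILE
# Reads spamdb output on stdin and prints each unique source IP that has a
# GREY entry with the null sender <> addressed to a recipient that is not
# listed in VALID_FILE.
backscatter_ips() {
    awk -F'|' -v valid="$1" '
        BEGIN {
            while ((getline line < valid) > 0)
                ok[tolower(line)] = 1
        }
        $1 == "GREY" && NF == 10 && $4 == "<>" {
            rcpt = tolower($5)
            gsub(/^<|>$/, "", rcpt)          # strip the angle brackets
            if (!(rcpt in ok) && !seen[$2]++)
                print $2
        }
    '
}

# Constructed sample data (documentation address ranges, example domains).
sample_spamdb() {
    cat <<'EOF'
WHITE|192.0.2.10|||1190700000|1190701800|1193812200|0|4
GREY|198.51.100.7|mx.example.net|<>|<nosuchuser@example.org>|1190703000|1190704800|1190717400|0|0
GREY|198.51.100.7|mx.example.net|<>|<ghost@example.org>|1190703100|1190704900|1190717500|0|0
GREY|203.0.113.5|mail.example.com|<>|<alice@example.org>|1190703200|1190705000|1190717600|0|0
GREY|203.0.113.9|bot.example.com|<spam@example.com>|<nosuchuser@example.org>|1190703300|1190705100|1190717700|0|0
TRAPPED|192.0.2.99|1190790000
EOF
}

# Stand-alone demonstration: only 198.51.100.7 qualifies.
demo() {
    valid=$(mktemp) || return 1
    printf '%s\n' alice@example.org bob@example.org > "$valid"
    sample_spamdb | backscatter_ips "$valid"
    rm -f "$valid"
}
demo
```

On the mail gateway the function's output would be piped to `pfctl -t <table> -T add -f -`, with `pfctl -t <table> -T expire 86400` run from cron to give the 24-hour lifetime; the second script's step corresponds to `spamdb -t -a <ip>` for each address.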
