Sudden dropoff in volume of spam

Support ePaxsys/FRWS support at EPAXSYS.NET
Sun Apr 11 21:26:10 IST 2004


At 01:11 PM 4/11/04 +1000, you wrote:
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Michael St. Laurent
> > Sent: Friday, 9 April 2004 4:24 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Sudden dropoff in volume of spam
> >
> > > 3) An increasingly high percentage of spam received over the last few
> > > weeks is from trojaned machines.
> >
> > Interesting.  How can you tell?
>
>Connecting machines are invariably PCs on broadband connections, don't
>accept port 25 connections and looking at multiple copies of the spam itself
>will show hugely varied source locations (USA, Europe, Korea, Australia etc.).
>
> > > We've recently started using dynamic range blocks on SMTP connect
> > > which is why I suspect we're seeing what we are.
> >
> > Cool!  How are you doing that?  iptables?  hosts.deny?
>
>Sendmail access files.  We've been developing our own files to ensure we are
>responsible for and in control of any false positives, however there are
>lots of very good RBLs which do the same.
>
> > Thanks for responding Dave.
>
>Not a problem!!
>
>Cheers!
>
>Dave
>
>
>========================================================================
>  Pain free spam & virus protection by:          www.mailsecurity.net.au
>  Forward undetected SPAM to:                   spam at mailsecurity.net.au
>========================================================================

We second the motion on how the SPAM is now becoming more and more
open-relays and trojaned machines. Statistics prove it on our end.
A large amount of SPAM comes from China, Korea, and a couple South American
countries, but the lion's share of the spam 'attempts' is from residential
and broadband machines. Comcast gets the kudos for still being the worst
(on our servers), with the others (RR, Adelphia, ATTBI, etc) coming in
strong behind them.
There are the pockets of hardcore spam IPs and hosts that constantly change
their 'names' but the IPs seem consistent, so maybe the ISPs themselves are
wising up and there are fewer out there willing to host them. One can only
hope.
A small webpage with some ongoing daily SPAM host stats is at:
http://www.frws.com/spam-hallofshame.html
and shows what we see on two servers (one a primary and the other a
secondary MX) serving about 52 domains and 600 users, give or take.

Stats are always telling. We also run our own lists here to block dynamic
and residential hosts, as well as numerous others - and the reasons are
obvious once you look at the stats. And we do use SpamHaus and other RBLs
as well, all at the sendmail level. Keeping it off the servers in the first
place is our goal, less processing for the Virus and SPAM scanners that
way.  :>)

Jerome


ePaxsys/FRWS Technical Staff
ePaxsys, Inc. http://www.epaxsys.net
FRWS: http://www.frws.com
Live Text Support: http://www.epaxsys.net/live-help
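
Added example, not part of the original post or either poster's own tooling: one way to turn connection statistics into sendmail access-map entries for dynamic ranges while keeping false positives under local control. The reverse-DNS heuristic, the per-/24 threshold, the function names and the sample hosts are all assumptions constructed for illustration; only the `Connect:` tag and the `OK` / `ERROR:` values are sendmail access-map syntax.

```python
import re
from collections import defaultdict

# Constructed sample: (connecting IP, reverse-DNS name) pairs using
# documentation address ranges and example.* names. Not real hosts.
CONNECTIONS = [
    ("192.0.2.10", "dsl-192-0-2-10.pool.example.net"),
    ("192.0.2.77", "dsl-192-0-2-77.pool.example.net"),
    ("192.0.2.140", "cable-192-0-2-140.dyn.example.net"),
    ("198.51.100.5", "mail.example.org"),
    ("198.51.100.9", "dhcp-198-51-100-9.example.net"),
    ("203.0.113.20", "ppp-203-0-113-20.example.net"),
    ("203.0.113.21", "ppp-203-0-113-21.example.net"),
    ("203.0.113.25", "mx1.partner.example.com"),
]
ALLOWLIST = {"203.0.113.25"}  # known-good sender inside a dynamic range

DYN_WORDS = re.compile(r"(^|[-.])(dsl|cable|dyn|dhcp|pool|ppp|dialup)([-.\d]|$)")

def looks_dynamic(ip, rdns):
    """Heuristic (an assumption): rDNS has a pool keyword or embeds the IP's last octets."""
    tokens = re.split(r"[-.]", rdns.split(".", 1)[0])
    embeds_ip = all(octet in tokens for octet in ip.split(".")[2:])
    return bool(DYN_WORDS.search(rdns.lower())) or embeds_ip

def build_access_entries(conns, allowlist, min_hits=2):
    """Return access-map lines for /24s with >= min_hits dynamic-looking hosts."""
    hits = defaultdict(set)
    for ip, rdns in conns:
        if ip not in allowlist and looks_dynamic(ip, rdns):
            hits[ip.rsplit(".", 1)[0]].add(ip)
    lines = []
    for prefix in sorted(hits):
        if len(hits[prefix]) < min_hits:
            continue  # a single hit is not enough evidence to block a whole /24
        # sendmail looks up the full IP before the shorter prefix, so the
        # explicit OK entry exempts the allowlisted host from the range block.
        for ip in sorted(a for a in allowlist if a.startswith(prefix + ".")):
            lines.append(f"Connect:{ip}\tOK")
        lines.append(f"Connect:{prefix}\tERROR:550 Dynamic address range blocked")
    return lines

if __name__ == "__main__":
    print("\n".join(build_access_entries(CONNECTIONS, ALLOWLIST)))
```

The output is in the text form that `makemap hash` reads to build the access database.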


